Don’t take this as an insult, but you really need to come back when there is an independent audit that confirms the claims. Verifying cryptography is not something even a tech-savvy person can do, even if the source code is available.
Even if you could verify it yourself, it is prudent to have someone else audit the encryption and how it’s implemented. As well-intentioned and thorough as devs may try to be, there’s a reason companies have separate QA teams.
I read the source code and this is a hobby-project that you could write in an afternoon with no knowledge of cryptographic protocols.
There are dozens of obvious deficiencies even to me and I am no expert in cryptography. An easy example to point out is that there is no input validation and no error checking or exception handling. Both the client and server just assume that the other side is a well-behaving correct implementation.
The author should not be posting this around as if it’s a serious tool for people to use. If anything it’s a starting point for OP to get advice from experts on how real systems do this properly. I’d recommend that the author spends a LOT of time reading before doing. There are numerous design documents of real systems and protocols, and some good comprehensive books too.
From what I can tell, this is the only stuff this lemmy account is posting. Tons of “weekend projects” making grand claims about security and privacy. Usually posted the same day the github project is created, no less.
