Least Authority Performs Security Audit For SpiderOak
Our mission at LeastAuthority is to bring verifiable end-to-end security to everyone.
As part of that mission, in addition to operating the S4 simple secure storage service, we also run a security consulting business. We LeastAuthoritarians have extensive experience in security and cryptography, and other companies pay us to analyze the security of their protocols and software.
Almost all of our consulting clients are making Free and Open Source software which protects user freedoms and works against censorship. It is wonderful that in this day and age we can get paid to work on software in the public interest.
One of our clients is SpiderOak, a company that, like LeastAuthority, sells cloud storage with end-to-end encryption. They didn't hire us to evaluate the security of their current storage product (that would be a big job!), but instead to do a limited, two-week-long security audit of their new Crypton.io framework.
It was a fun project because we got to learn some of the details of the Crypton.io design and implementation. We came away with a favorable impression of the professionalism and good engineering practices of the SpiderOak team. Crypton.io is all Free and Open Source software, and it is designed for real, end-to-end security, which is part of why we wanted to take the job.
Today SpiderOak has published the security auditing report. We'd like to thank them for producing Crypton.io, subjecting it to this kind of independent review, and publishing the complete results. That's the right way to do things!
The next security audit that we performed was for the Cryptocat secure chat app. We expect the report from that to also be published soon. Stay tuned!