Opaque is now production-grade software
Why now and what's to come (17.02.2024)
Funding year 2022 / Project Call #17 / Project ID: 6374 / Project: Opaque

 

Security Audit

After getting the opaque and react-native-opaque versions to a stable release, a security audit was conducted by 7ASecurity. It included extensive testing, a code review and fuzz testing of the libraries. No issues could be identified in the libraries. Only in the examples were a handful of issues found. We fixed them, and 7ASecurity re-tested them.

Another result of the audit was the recommendation to improve the release process. We followed this advice and introduced publishing via the GitHub CI. This also allows us to generate provenance statements with each release.

You can read up on the full report here: https://7asecurity.com/reports/pentest-report-opaque.pdf

Extensive documentation

The documentation is ready and contains all the content we planned to produce. We are especially proud of the interactive animation in the system simulation and protocol visualisation.

Why has it not yet been released as 1.0.0?

The draft for the OPAQUE-protocol RFC has passed the review by the Crypto Forum Research Group (CFRG). It has now been handed over to the IETF editors, and once it has passed this step it will be published as an RFC. We will probably publish 1.0.0 by then.

What's next?

We want to promote Opaque and the OPAQUE-protocol so that many more software engineering teams can benefit from its existence. This will be done through various talks at conferences and meet-ups in the coming year, e.g. React Summit on 14th June in Amsterdam.

Since we are using Opaque ourselves in our end-to-end encrypted workspaces application Serenity, we intend to maintain Opaque for a long time. While we don't expect any big changes in the core library, it will certainly be necessary to keep the examples and React Native dependencies up-to-date.

Conclusion

Working on this project was a pleasure for the whole team, and we are grateful first and foremost to Netidee for having faith in our plans. It's rare to get dedicated funding for an Open Source project of this kind. It allowed us to establish a quality level that is rare in software development and to focus on details in the documentation we deeply care about.

In addition we want to thank the Open Technology Foundation for sponsoring the security audit and 7ASecurity for their incredible work on the audit itself.

 

 

Tags:

JavaScript TypeScript Open Source React Native Authentication