Comments on BetweenUs Peer Review
Sam Simpson (ssimpson@hertreg.ac.uk) Andy Jeffries (ajeffries@kwikrite.clara.net)
April 28 1999
The main aim of our peer review was to ensure that BetweenUs works according to the protocol outlined in [1]. In addition, the review set out to ensure that:
- Delphi standard libraries and Win32 API calls were used in a reasonable manner and within their documented contracts.
- Sensitive memory is blanked after use.
- Cryptographic libraries and primitives are used appropriately and with acceptable parameters.
- Session keys, challenge-response values etc. are obtained from a random source.
- The random pool is maintained in a reasonable fashion.
- The programming is as defensive as possible against accidental and malicious network traffic.
- Users are given sufficient warning when doing something that has the potential to adversely affect security (e.g. passphrase caching, using null passphrases etc.).
Some general cryptographic comments on the program:
- BetweenUs uses K. Bluck's Delphi header conversion of Peter Gutmann's excellent Cryptlib library [2] for cryptographic primitives (asymmetric algorithms, symmetric algorithms, hash algorithms and random pool maintenance). The PGP integration section of BetweenUs uses G. Grieve's code [3], which we have tested as part of the peer review.
- 3DES is the default algorithm; CAST and Blowfish are offered as alternatives. All three of these algorithms are thought to be very secure. Blowfish is implemented with the full 448-bit key size.
- All symmetric algorithms are used in CBC mode with a random IV.
- SHA-1 is employed for passphrase obfuscation and whitening. Additionally, RIPEMD-160 is used for several other purposes (e.g. producing session fingerprints and hashing challenge-response values).
- We have tested the output of the three symmetric algorithms and two hash functions employed against published test vectors.
- We have empirically tested the random data produced by BetweenUs with Diehard [4]. All random data (including challenge-response values, random padding, IVs and session keys) is generated from a 'strong' random source which is continually refreshed from user input. Additionally, random data is periodically added by the Cryptlib library, which uses system and performance counters.
- All data is compressed before encryption.
- The program pads packets with a random amount of data before sending.
- The program occasionally sends "fake" random packets when BetweenUs is idle.
- Asymmetric mode uses Diffie-Hellman with a 3072-bit canned prime.
- We have ensured that sufficiently defensive programming exists around network communication.
- All passphrase memory and dialog items are suitably blanked to ensure this data is not inadvertently leaked.
- When files are sent, temporary files may be created. These are then securely wiped with a user-definable number of overwrite passes.
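To make the symmetric side of the points above concrete, here is an added example of our own (not BetweenUs code and not the Cryptlib API) of the framing the review describes: a known-answer self-test of 3DES before the cipher is trusted, then compression, a random amount of random padding and 3DES-CBC encryption under a fresh random IV, with a receiver that checks lengths before trusting them. It is written in Go against the standard library. The packet layout (a 2-byte length prefix, DEFLATE compression, 0 to 255 bytes of padding, IV prepended to the ciphertext) is our assumption and not BetweenUs's actual wire format, and the example omits message authentication, which any deployed protocol needs alongside encryption.

```go
package main

import (
	"bytes"
	"compress/flate"
	"crypto/cipher"
	"crypto/des"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
)

const blockSize = des.BlockSize // 8 bytes for 3DES

// randBytes draws n bytes from the OS CSPRNG, standing in for the random pool.
func randBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := io.ReadFull(rand.Reader, b); err != nil {
		panic(err)
	}
	return b
}

// selfTest is a known-answer test. With K1 = K2 = K3 the EDE construction
// collapses to single DES, so the FIPS 81 ECB vector (key 0123456789ABCDEF,
// plaintext "Now is t") must give 3FA40E8A984D4815.
func selfTest() error {
	key := bytes.Repeat([]byte{0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef}, 3)
	block, err := des.NewTripleDESCipher(key)
	if err != nil {
		return err
	}
	var out [blockSize]byte
	block.Encrypt(out[:], []byte("Now is t"))
	if !bytes.Equal(out[:], []byte{0x3f, 0xa4, 0x0e, 0x8a, 0x98, 0x4d, 0x48, 0x15}) {
		return errors.New("3DES known-answer test failed")
	}
	return nil
}

// sealPacket compresses msg, appends 0..255 random bytes of padding (assumed
// layout: 2-byte big-endian compressed length, compressed data, padding up to
// a block boundary) and encrypts with 3DES-CBC under a fresh random IV.
// Output is IV || ciphertext.
func sealPacket(key, msg []byte) ([]byte, error) {
	block, err := des.NewTripleDESCipher(key)
	if err != nil {
		return nil, err
	}
	var comp bytes.Buffer
	w, _ := flate.NewWriter(&comp, flate.BestCompression)
	w.Write(msg)
	w.Close()
	if comp.Len() > 0xffff {
		return nil, errors.New("message too long")
	}
	total := 2 + comp.Len() + int(randBytes(1)[0])      // random pad length
	total += (blockSize - total%blockSize) % blockSize // round up to a block
	plain := make([]byte, 2, total)
	binary.BigEndian.PutUint16(plain, uint16(comp.Len()))
	plain = append(plain, comp.Bytes()...)
	plain = append(plain, randBytes(total-len(plain))...)
	iv := randBytes(blockSize)
	out := make([]byte, total)
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(out, plain)
	return append(iv, out...), nil
}

// openPacket reverses sealPacket. It validates the packet length and the
// decrypted length field before using them and caps the decompressed size,
// so malformed or hostile traffic fails cleanly instead of panicking.
func openPacket(key, pkt []byte) ([]byte, error) {
	if len(pkt) < 2*blockSize || len(pkt)%blockSize != 0 {
		return nil, errors.New("bad packet length")
	}
	block, err := des.NewTripleDESCipher(key)
	if err != nil {
		return nil, err
	}
	plain := make([]byte, len(pkt)-blockSize)
	cipher.NewCBCDecrypter(block, pkt[:blockSize]).CryptBlocks(plain, pkt[blockSize:])
	n := int(binary.BigEndian.Uint16(plain[:2]))
	if n > len(plain)-2 {
		return nil, errors.New("length field exceeds packet")
	}
	r := flate.NewReader(bytes.NewReader(plain[2 : 2+n]))
	defer r.Close()
	return io.ReadAll(io.LimitReader(r, 1<<20))
}

func main() {
	if err := selfTest(); err != nil {
		panic(err)
	}
	key := randBytes(24) // 3DES session key, standing in for one from the pool
	p1, _ := sealPacket(key, []byte("hello"))
	p2, _ := sealPacket(key, []byte("hello"))
	msg, err := openPacket(key, p1)
	fmt.Printf("distinct packets: %v, recovered %q, err=%v\n", !bytes.Equal(p1, p2), msg, err)
}
```

Encrypting the same message twice yields different packets because both the IV and the padding are fresh each time; the receiver never reads past what the (decrypted) length field and the packet size jointly allow.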
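The Diffie-Hellman key agreement mentioned above, as an added example of our own (not BetweenUs or Cryptlib code) in Go: a two-party exchange over a fixed ("canned") group, with the check a practitioner wants before a peer's public value is used. The group is an assumption: the 1024-bit MODP prime from RFC 2409 (generator 2) stands in for BetweenUs's 3072-bit prime, which the review does not reproduce, and the 256-bit exponent size and the validation strategy are ours.

```go
package main

import (
	"crypto/rand"
	"errors"
	"fmt"
	"math/big"
)

// Canned group: the 1024-bit MODP prime from RFC 2409 with generator 2. It is
// a safe prime, p = 2q + 1, so every public value g^x lies in the subgroup of
// prime order q. It stands in here for BetweenUs's 3072-bit prime, which the
// review does not reproduce. Fixed parameters are the norm for DH: generating
// a safe prime of that size per session would take far too long, and the
// secrecy rests on the exponents, not on the group.
var (
	primeHex = "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" +
		"29024E088A67CC74020BBEA63B139B22514A08798E3404DD" +
		"EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" +
		"E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" +
		"EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381" +
		"FFFFFFFFFFFFFFFF"
	p, _ = new(big.Int).SetString(primeHex, 16)
	g    = big.NewInt(2)
	one  = big.NewInt(1)
	q    = new(big.Int).Rsh(new(big.Int).Sub(p, one), 1) // (p-1)/2
)

// keyPair is one party's private exponent x and public value y = g^x mod p.
type keyPair struct{ x, y *big.Int }

// newKeyPair draws x from the OS CSPRNG (standing in for the random pool).
// A 256-bit exponent is our choice: it need only exceed the work factor of
// the best discrete-log attacks on the group, not match the size of p.
func newKeyPair() (*keyPair, error) {
	x, err := rand.Int(rand.Reader, new(big.Int).Lsh(one, 256))
	if err != nil {
		return nil, err
	}
	x.Add(x, big.NewInt(2)) // rule out the degenerate exponents 0 and 1
	return &keyPair{x: x, y: new(big.Int).Exp(g, x, p)}, nil
}

// checkPublic validates a peer's public value before it is used. It must lie
// in [2, p-2], which excludes 1 and p-1 (the elements of order 1 and 2), and
// y^q mod p must equal 1, which confirms membership in the order-q subgroup.
// A value outside that subgroup would leak a bit of the private exponent or
// confine the shared secret to a tiny set; this is the small-subgroup check.
func checkPublic(y *big.Int) error {
	if y.Cmp(big.NewInt(2)) < 0 || y.Cmp(new(big.Int).Sub(p, big.NewInt(2))) > 0 {
		return errors.New("public value out of range")
	}
	if new(big.Int).Exp(y, q, p).Cmp(one) != 0 {
		return errors.New("public value not in the prime-order subgroup")
	}
	return nil
}

// sharedSecret validates the peer's value, then computes y_peer^x mod p. Both
// sides obtain g^(xa*xb) mod p; session keys would be derived from it by
// hashing rather than using the raw group element.
func sharedSecret(own *keyPair, peer *big.Int) (*big.Int, error) {
	if err := checkPublic(peer); err != nil {
		return nil, err
	}
	return new(big.Int).Exp(peer, own.x, p), nil
}

func main() {
	alice, _ := newKeyPair()
	bob, _ := newKeyPair()
	sa, _ := sharedSecret(alice, bob.y)
	sb, _ := sharedSecret(bob, alice.y)
	fmt.Println("shared secrets agree:", sa.Cmp(sb) == 0)
	// p-2 is a quadratic non-residue for this p (p = 7 mod 8), so it fails
	// the subgroup check even though it is inside the range [2, p-2].
	_, err := sharedSecret(alice, new(big.Int).Sub(p, big.NewInt(2)))
	fmt.Println("p-2 rejected:", err)
}
```

The range check alone is not enough: p-2 passes it but is not in the order-q subgroup, and accepting it would let a peer learn the parity of the other side's exponent. Because p is a safe prime, one modular exponentiation settles subgroup membership.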
Two items were left unresolved:
- Lack of secure memory allocation. Passphrases etc. could be retained in memory for some time, and could also be written to the swap file and later retrieved. We suggest that users disable passphrase caching if this is seen as a realistic threat.
- When multiple clients participate in a conference and exchange "Private Messages", it is theoretically possible for the computer that hosts the conference to read the private messages between clients. Doing so would require a doctored build of the BetweenUs software. It should be stressed that a passive adversary will not be able to snoop these messages.
The review process was iterative: a number of minor weaknesses were found at each stage of the review. These were fixed by the BetweenUs team and the source code was then resubmitted for further review.
Generally, we found the quality of the coding to be very high. The cryptographic elements of the encryption libraries were used carefully and appropriately.
BetweenUs is available from TamoSoft at http://www.tamos.com/soft/