The security aspects in general for the issue of typing versus storing, it can be secure enough considering the developer did use the appropriate encryption apis, selected the correct ciphers and use a sensitive / aggressive interation count on a key derivation function (KDF).
This proctects against phshing, if correctly implemented.
Also notice I'm not vetting this project, just expressing that is more or less the same about the cryptographycally-soundness, but on the phishing part, a definitive more secure apprach.
I'm on the final rounds of a new wallet development, and I'll publish a doc on how I've secure the keys, using a 6 digit pin code which is resistent to phishing, rainbow tables and other aspects.
The security of the secret-key exchange used by steem is another debate.
I honestly believe on a off-chain approach for the encrypted messages to live. storing numerous and numerous encrypted messages, potentially with the same content possible opens some window to crypto-analysis, but, the end result is not catastrophic, the worse case scenario, a given individual would be able to read encrypted messages.
Glad to extend this conversation further when possible.
Congrats @therealwolf on the project!
Hello @hernandev ! Maybe you'll want to check out the REAL Steem Messenger project, which is actually off chain based : https://steemit.com/utopian-io/@kingswisdom/steem-messenger-v0-0-3-private-beta-session-image-encryption-and-many-more
We work with a unique security protocol that i'll be unveiling this weekend ! Stay tuned for more infos on this !
Upvoted for visibility - it's bullshit when people steal names. I have no doubt the product is cool and well built...but for fucks sake be original people. Besides, I think off-chain solutions are better for this. Why force the chain to work this hard?
Well both these apps are pretty close together and Beta. Not like one has been out for 12 months haha