Virgilius is secure!

Z25.org has requested Madison Gurkha to assess the IT security of Retyping Dante Application in cooperation with Surfnet. This research started on March 9th 2009. The report is written directly after analysis of the results.

Audit result

The auditors came to the following judgement of the security level:

“Although there is one high level and one medium level risk identified in the virgilius software, we still consider the Retyping Dante application to be secure enough for its purpose.”

The 2 risks were:

  1. The message procedure was vulnerable. (Check for update, recently retyped, current statistics)
  2. Reconstructing typed letters.

The auditors gave recommendedations to fix these 2 risks. These recommendations were implemented in the current version of Virgilius.

With the implemented fixes the Virgilius client is even safer than shown in the diagram above. Virgilius uses the same protocol used for internet banking.

Still not convinced to join Retyping Dante?

You can read the full Madison Gurkha report here:

Code Audit Report by Madison Gurkha

Virgilius sourcecode

Virgilius is open source so all source code is available from the Sourceforge project site for your inspection. Get Retyping Dante at SourceForge.net. Fast, secure and Free Open Source software downloads

Retyping Dante Development site