What is the system requirement for KONCIL?
KONCIL has been tested on Microsoft Internet Explorer 8.0, Mozilla Firefox 5.0, Mozilla Firefox Mobile 33.0, Google Chrome 31 and Google Chrome Mobile 38. However, it also heavily depends on the performance of your device. You might experience longer delays or even browser warnings on non-responsive scripts on slower devices. We recommend that you use the latest version of Chrome or Firefox series, due to their performance edge over other products. During our testing, it only takes Google Chrome 31 about 4.5 seconds to generate a RSA 1024-bit key pair, while it takes more than 40 seconds for Microsoft Internet Explorer 8.0 for the same task on the same machine.
Is KONCIL perfectly secure?
Unfortunately, the short answer is no. KONCIL can still be vulnerable if:
- You device is already compromised. If you device has been infected by virus, trojan horse or malicious programs, the programs can record whatever you type or even steal your private key.
- The network you are using is compromised. If the ISP, company network or the internet in your area is being tempered, it is possible that a targeted man-in-the-middle attack can be successful.
- Make sure your device is clean by routine virus scans. Do not install software from untrusted sources.
- Make sure the hash code in your contact list matches with the hash code appears on his device. You can simply verify first few digits of the hash code with your contact via other means, including but not limited to your other instant message applications, SMS or even a simple phone call. This ensures that the public key indeed belongs to your contact, but not forged by a interception proxy. In fact, many government agencies advise their field officers to use at least three separate means of communication for key verification.