Cryptographer Consulting: Security Transparency vs. Relying on Ourselves

Security is critical: we want to rely only on ourselves

The idea of having to rely entirely on some external entity, that maintains a somewhat mysterious "security structure", and is the only one to have complete access to your company's data, certainly looks uncomfortable. But this is in no way an inevitable consequence of external consulting, and definitely not the way we work.

Our policy is to collaborate in an as transparent manner as possible. We will provide you with as much technical details about your system as you will want to hear, and transfer control to you in as much as you want.

To take a simple example, the aforementioned Kerckhoffs' assumption pleads for a clear separation between cryptographic functions and keys, with the latter gathering all the secrecy required for protection. During development, we clearly point the places were keys are used. Before deployment, you decide whether you want us to keep these keys, acting as a backup, or you prefer to replace them by your own, hence becoming the one and only to have access to your data.

And if you want to be sure there is no inserted backdoor, you can also have the software developed by your own programmers' team, with our support for global architecture design and technical assistance. Or you can have the product audited by a third party.