Featured Image: A demonstration of the ReddiTrust application using an intentionally malformed message
As soon as I saw the news that /u/spez, administrator of Reddit, had silently edited comments against users’ intent, I came up with the relatively simple idea of an application which allows you to sign your messages, allowing others to know they really came from you.
The principle is simple: the application, which I call ‘ReddiTrust’, uses public-key cryptography to allow you to sign and verify messages on reddit. The idea is that you use a ‘private’ key to ‘sign’ your messages, which can then be verified using your ‘public’ key. Because only signatures made with your private key will verify, somebody logging on to your reddit account or a sneaky administrator editing your posts won’t be able to impersonate your ‘signature’.
Right now the public-key scheme used by ReddiTrust is called RSA. Elliptic-curve support is on the way.
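The sign-then-verify principle described above, sketched in Go as an added example (this is not ReddiTrust's own code). The RSA-PSS padding, SHA-256 digest, 2048-bit key size, base64 signature encoding, and the function names are all assumptions made for illustration.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
)

// NewKeyPair generates a 2048-bit RSA key pair (key size is an assumption).
func NewKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// SignComment returns a base64 RSA-PSS signature over the SHA-256 digest of body.
func SignComment(priv *rsa.PrivateKey, body string) (string, error) {
	digest := sha256.Sum256([]byte(body))
	sig, err := rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest[:], nil)
	if err != nil {
		return "", err
	}
	return base64.StdEncoding.EncodeToString(sig), nil
}

// VerifyComment reports whether sigB64 is a valid signature over body under pub.
func VerifyComment(pub *rsa.PublicKey, body, sigB64 string) bool {
	sig, err := base64.StdEncoding.DecodeString(sigB64)
	if err != nil {
		return false // malformed signature text never verifies
	}
	digest := sha256.Sum256([]byte(body))
	return rsa.VerifyPSS(pub, crypto.SHA256, digest[:], sig, nil) == nil
}

func main() {
	priv, err := NewKeyPair()
	if err != nil {
		panic(err)
	}
	posted := "I stand by this comment." // constructed sample comment
	sig, err := SignComment(priv, posted)
	if err != nil {
		panic(err)
	}
	fmt.Println("as posted:", VerifyComment(&priv.PublicKey, posted, sig))
	fmt.Println("after edit:", VerifyComment(&priv.PublicKey, "I take it all back.", sig))
}
```

Verification only proves anything if readers obtained the public key through a channel the party editing the comment cannot also change.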
Please report any bugs you find to me as the application is currently in alpha. As of right now I am also very sleepy and too tired to see any bugs myself.
Please take note that this application is in alpha, and that I can guarantee you it is not secure against a battle-ready reddit. Do not count on it for any high-risk applications should you get the idea.
UPDATE: Alpha 1.0a released, fixes bugs. Noncritical but recommended
UPDATE: Alpha 1.0b released, fixes bugs. Critical that you update
UPDATE: Alpha 1.0c released, fixes bugs. Relatively important that you update
UPDATE: Alpha 1.1 released, adds new features. You probably want this update
UPDATE: Alpha 1.1a released. Minor fixes.
UPDATE: Alpha 1.2 released. New features, higher usability