[ NNSquad ] Bad kitty! "Rookie mistake" in Cryptocat chat app makes cracking a snap

NNSquad - Network Neutrality Squad
NNSquad Home Page
NNSquad Mailing List Information

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ NNSquad ] Bad kitty! "Rookie mistake" in Cryptocat chat app makes cracking a snap

To: nnsquad@nnsquad.org
Subject: [ NNSquad ] Bad kitty! "Rookie mistake" in Cryptocat chat app makes cracking a snap
From: Lauren Weinstein <lauren@vortex.com>
Date: Fri, 5 Jul 2013 16:44:23 -0700

Bad kitty! "Rookie mistake" in Cryptocat chat app makes cracking a snap

http://j.mp/15le1ez  (ars technica)

   "Developers of the Cryptocat application for encrypting communications
    of activists and journalists have apologized for a critical
    programming flaw that made it trivial for third parties to decipher
    group chats.  The precise amount of time the vulnerability was active
    is in dispute, with Cryptocat developers putting it at seven months
    and a security researcher saying it was closer to 19 months. Both
    sides agree that the effect of the bug was that the keys used to
    encrypt and decrypt conversations among groups of users were easy for
    outsiders to calculate. As a result, activists, journalists, or others
    who relied on Cryptocat to protect their group chats from government
    or industry snoops got little more protection than is typically
    available in standard chat programs. Critics said it was hard to
    excuse such a rudimentary error in an open-source piece of software
    held out as a way to protect sensitive communications."

 - - -

It is axiomatic that bad crypto is *worse* than no crypto -- because when
you *believe* you have a secure channel and you really don't, you say 
things you wouldn't have said in the clear, but without real protection.

--Lauren--
Lauren Weinstein (lauren@vortex.com): http://www.vortex.com/lauren 
Co-Founder: People For Internet Responsibility: http://www.pfir.org/pfir-info
Founder:
 - Network Neutrality Squad: http://www.nnsquad.org 
 - PRIVACY Forum: http://www.vortex.com/privacy-info
 - Data Wisdom Explorers League: http://www.dwel.org
 - Global Coalition for Transparent Internet Performance: http://www.gctip.org
Member: ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com
Google+: http://vortex.com/g+lauren / Twitter: http://vortex.com/t-lauren 
Tel: +1 (818) 225-2800 / Skype: vortex.com
_______________________________________________
nnsquad mailing list
http://lists.nnsquad.org/mailman/listinfo/nnsquad

Prev by Date: [ NNSquad ] The Government Masters of Hypocrisy -- vs. Google
Next by Date: [ NNSquad ] [IP] Evi Nemeth presumed lost at sea
Previous by thread: [ NNSquad ] The Government Masters of Hypocrisy -- vs. Google
Next by thread: [ NNSquad ] [IP] Evi Nemeth presumed lost at sea
Index(es):
- Date
- Thread