If that’s not good enough for you: go check out this year’s pwn2own results.įor non-group messaging, Cryptocat uses a protocol known as off-the-record (OTR) and ships the encrypted data over Jabber/XMPP - using either Cryptocat’s own server, or the XMPP server of your choice.
CRYPTOCAT REVIEW CODE
Running security-critical code in a browser is like having surgery in a hospital that doubles as a sardine cannery and sewage-treatment plant - maybe it’s fine, but you should be aware of the risk you’re taking. They do eight million things, most of which require them to process arbitrary and untrusted data.
CRYPTOCAT REVIEW SOFTWARE
To put a finer point on it: web browsers are some of the most complex software packages you can run on a consumer device. The weakness is that it runs in a frigging web browser. Cryptocat’s impressive user base testifies to the demand for such an application. It’s a strength because (1) just about everyone has a browser, (2) the user interface is pretty and intuitive, and (3) the installation process is trivial. Living in a browser is Cryptocat’s greatest strength and greatest weakness. In this scenario - known as a Man in the Middle (MITM) attack - all the encryption in the world won’t help you. The problem here is simple: if I can compromise such a service, then I can convince you to use my encryption key instead of your intended recipient’s. The real challenge turns out to be distributing users’ encryption keys securely, i.e., without relying on a trusted, central service. That’s because actually encrypting stuff is not the interesting part. However - and this is a critical point - ‘end-to-end encryption’ is rapidly becoming the most useless term in the security lexicon. This has even gotten Skype and Blackberry into a bit of hot water with foreign governments. In fact, these days almost everyone advertises some form of ‘ end-to-end encryption‘ for your data. First, the apps we’ll talk about here are hardly the only apps that use encryption. A couple of notes…īefore we get to the details, a few stipulations. In no particular order, these are Cryptocat, Silent Circle, RedPhone and Wickr. To take a crack at answering these questions, I’m going to look at four apps that seem to be getting a lot of press in this area. Attack of the week: 64-bit ciphers in TLS.Hash-based Signatures: An illustrated Primer.On Ashton Kutcher and Secure Multi-Party Computation.
CRYPTOCAT REVIEW HOW TO
How to choose an Authenticated Encryption mode.Attack of the week: FREAK (or 'factoring the NSA for fun and profit').Zero Knowledge Proofs: An illustrated primer, Part 2.Attack of the week: RC4 is kind of broken in TLS.Zero Knowledge Proofs: An illustrated primer.(not related to this blog) Search for: Top Posts & Pages In my research I look at the various ways cryptography can be used to promote user privacy. I've designed and analyzed cryptographic systems used in wireless networks, payment systems and digital content protection platforms. I'm a cryptographer and professor at Johns Hopkins University.
0 kommentar(er)
