[liberationtech] What I've learned from Cryptocat
Moxie Marlinspike
moxie at thoughtcrime.org
Mon Aug 6 18:21:01 PDT 2012
On 08/06/2012 05:28 PM, Jillian C. York wrote:
> A /safer/ web-based tool than Facebook chat with a GIANT WARNING is far
> better than everyone continuing to hold their discussions in insecure fora.
I think this sentence is really the essence of the problem. Why do you
assume it's safer?
CryptoCat has the word "crypto" in it, positions itself as a
cryptography project, and has a stated emphasis on security, so it's
easy to conclude that whatever it's doing is at least somehow better
than what Facebook or Google are doing.
However, my position is that Google Chat is currently more secure than
CryptoCat. To be more specific, if I were recommending a chat tool for
activists to use, *particularly* outside of the United States, I would
absolutely recommend that they use Google Chat instead of CryptoCat.
Just as I would recommend that they use GMail instead of HushMail.
The security of CryptoCat v1 is reducible to the security of SSL, as
well as to the security of the server infrastructure serving the page.
Any attacker who can intercept SSL traffic can intercept a CryptoCat
chat session, just as any attacker who can compromise the server (or the
server operator themselves) can intercept a CryptoCat chat session.
This effectively means that CryptoCat is not a "cryptography project,"
in the sense that whatever cryptography it delivers does not affect or
improve upon the existing attack vectors of chat tools that we're trying
to "replace" like GChat.
So I believe it comes down to a question of who we trust to provide a
more secure SSL and server-side infrastructure. No offense to Nadim,
but at this point I believe that Google does a better job. It'd be
tough to do better, given the amount of dedicated people and resources
they have specifically focused on that problem, as well as the amount of
advanced information they have access to concerning coming SSL attacks, etc.
- moxie
--
http://www.thoughtcrime.org