[liberationtech] What I've learned from Cryptocat
Moxie Marlinspike
moxie at thoughtcrime.org
Wed Aug 8 08:38:10 PDT 2012
On 08/08/2012 06:37 AM, liberationtech at lewman.us wrote:
> On Tue, Aug 07, 2012 at 05:18:02PM -0700, erik at sundelof.com wrote 4.7K bytes in 111 lines about:
> :partial defenses using any technology tool. I may feel too strong about
> :tools being discussed as THE solution or THE bulletproof vest so to speak.
>
> I'm not picking on you Erik, but this comment finally struck me
> about what's bothered me with this debate. There is no such thing as 'the
> bulletproof vest'.
I don't think anyone is saying we want an "ultimate solution." We have
a set of technologies that we're trying to replace with a more secure
solution (GChat, Facebook, etc...). It's as simple as looking at the
attack vectors that we're concerned users will experience with these
existing web-based chat solutions and asking the question of whether
CryptoCat improves on any of them.
Again, as I see it, there are three possible vectors for attack with
existing web-based chat solutions:
1) SSL intercept.
2) Server infrastructure.
3) Operator.
These are not theoretical, pie-in-the-sky vectors. These are things
that are actually happening, are within the state of the art of an
average adversary, and are within the scope of what this type of
technology problem could potentially address.
My analysis is that the CryptoCat technology does not improve any of
these three vectors, and in fact might make the user more at risk to
compromise through #1 and #2 than with existing web-based chat solutions
(GChat, etc...).
So again, I don't believe that those of us who have concerns about
CryptoCat are asking for a "bulletproof vest." We're not demanding the
"ultimate tool." To use your analogy, I'm looking for a bulletproof
vest that's at minimum not rated *worse* than GChat, and ideally is
rated some degree higher.
- moxie
--
http://www.thoughtcrime.org
More information about the liberationtech
mailing list