[liberationtech] DecryptoCat
Albert López
newlog at overflowedminds.net
Sun Jul 7 13:42:24 PDT 2013
Hello Nadim,
Don't be ashamed. Shit happens. I hope you don't get frustrated by all this. Keep working. It's easy to criticize the work of others, but what's hard is believing in and developing a great project such as Cryptocat.
This kind of work is really important. Of course, we have to be careful with these things, but... Keep going ;)
gpg --keyserver pgp.mit.edu --search-keys EEE5A447
http://pgp.mit.edu:11371/pks/lookup?search=0xEEE5A447&op=vindex
> From: nadim at nadim.cc
> Date: Sun, 7 Jul 2013 22:34:24 +0200
> To: liberationtech at lists.stanford.edu
> Subject: Re: [liberationtech] DecryptoCat
>
>
> On 2013-07-07, at 2:25 PM, CodesInChaos <codesinchaos at gmail.com> wrote:
>
> > > So introductory-level programming course mistakes are right out.
> >
> > In my experience it's quite often a really simple mistake that gets you,
> > even when you're an experienced programmer. I'm quite afraid of simple off-by-one bugs,
> > places which I didn't fix in copy&paste, basic logic mistakes etc.
> > IMO Nadim's main mistake wasn't the actual bug, mistakes like that can happen to anybody,
> > but it was designing a really weird API that invites mistakes. Nobody sane returns decimal digits
> > from a cryptographic PRNG.
>
> That's not what the CSPRNG does exactly, but we routed it through an all-purpose function that wields it to present types of data on demand, be it random ASCII lowercase, random ASCII uppercase, random digits, random bytes. And then I messed up and asked it to produce random digits instead of random bytes and BOOM — security disaster, end of the world etc.
>
> For the record, I feel deeply ashamed about this blunder. But I can't give up this project simply because bugs like this are bound to pop up for any project with this kind of goals and ambition, and our goals are, in my view, deeply necessary.
>
> NK
>
> >
> > For example, a really basic cryptography mistake is reusing a nonce in AES-CTR. Still it happens to people experienced
> > in both coding and cryptography. For example Tarsnap had this vulnerability for several versions, despite a competent developer.
> > http://www.daemonology.net/blog/2011-01-18-tarsnap-critical-security-bug.html
> >
> > In my own programs I'm really careful about nonces and randomness, but still I wouldn't be surprised if a trivial bug slipped through in that area.
> > Writing tests which detect such mistakes is really hard.
> > --
> > Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at companys at stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
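The mix-up described in the quoted messages above (an all-purpose random function asked for digits where bytes were needed), as an added example that is not part of the thread and not Cryptocat's code. `randomOf`, its `kind` argument, the 32-symbol length and the 200-value threshold are assumptions chosen for illustration; the block shows the entropy lost and a distinct-value check that catches the mistake in a test.

```javascript
// Added illustration: randomOf() and its "kind" argument are hypothetical names,
// not Cryptocat's actual API.
const nodeCrypto = require('crypto');

const ALPHABETS = {
  digits: '0123456789',
  lower: 'abcdefghijklmnopqrstuvwxyz',
  upper: 'ABCDEFGHIJKLMNOPQRSTUVWXYZ',
};

// All-purpose generator: returns n random symbol codes of the requested kind.
function randomOf(kind, n) {
  if (kind === 'bytes') return Array.from(nodeCrypto.randomBytes(n));
  const alphabet = ALPHABETS[kind];
  if (!alphabet) throw new TypeError('unknown kind: ' + kind);
  const limit = 256 - (256 % alphabet.length); // rejection sampling avoids modulo bias
  const out = [];
  while (out.length < n) {
    for (const b of nodeCrypto.randomBytes(n)) {
      if (b < limit && out.length < n) out.push(alphabet.charCodeAt(b % alphabet.length));
    }
  }
  return out;
}

// Upper bound on the entropy of n symbols of a kind, in bits.
function entropyBits(kind, n) {
  const size = kind === 'bytes' ? 256 : ALPHABETS[kind].length;
  return n * Math.log2(size);
}

// Draw many outputs through the same call the key code uses and count the
// distinct values seen. Uniform bytes reach nearly all 256; digits at most 10.
function distinctValues(generate, draws = 64, n = 32) {
  const seen = new Set();
  for (let i = 0; i < draws; i++) generate(n).forEach((v) => seen.add(v));
  return seen.size;
}

// Regression check for key material: fails when the source is a restricted alphabet.
function assertFullByteRange(generate) {
  const distinct = distinctValues(generate);
  if (distinct < 200) throw new Error('key material uses only ' + distinct + ' distinct values');
  return distinct;
}

console.log(entropyBits('bytes', 32), entropyBits('digits', 32).toFixed(1));
```

The check is statistical rather than exact: with 2048 draws, uniform bytes fall below the 200-value threshold only with negligible probability, while digit output can never exceed 10 distinct values.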