[liberationtech] DecryptoCat

Jonathan Wilkes jancsika at yahoo.com
Tue Jul 9 10:00:04 PDT 2013


On 07/09/2013 10:29 AM, Jacob Appelbaum wrote:
> Patrick Mylund Nielsen:
>> On Tue, Jul 9, 2013 at 9:22 AM, Eugen Leitl <eugen at leitl.org> wrote:
>>
>>> On Tue, Jul 09, 2013 at 09:12:21AM -0400, Patrick Mylund Nielsen wrote:
>>>> If it's so easy, go ahead and produce a more secure alternative that people
>>>
>>> You mean something like http://dee.su/ ?
>>>
>>> And http://dee.su/cables ?
>>>
>>>
>> No, I mean an alternative to Cryptocat (i.e. an OTR client with multiparty
>> communication) that is more secure, and as easy to use.
>>
> While Cryptocat has OTR - the multi-party communication is not the OTR
> protocol.
>
> Cables is as easy to use as email. Generally it is used with an email
> client.

Email for someone that doesn't already have it:
1. Turn on _any_ computer.
2. Load up _any_ OS.
3. Run _any_ browser.
4. Go to www.gmail.com.
5. Sign up.
6. Send a message to bob at wherever.com, whose email address you recall 
from memory.

What are the steps for sending Bob a message using Cables?

This isn't rhetorical, I'd actually like to know what the steps are.

-Jonathan

>
> If you boot liberte - there is little to no configuration beyond
> establishing communication and verifying that you've done so correctly.
> Once that is done, you do not need to do it again - a key defense
> against active attackers. As I understand things this critical step
> (verification and persistence, or merely verification in a usable
> manner) cannot be done in CryptoCat at the moment. Active attackers will
> win against everyone without verification. The last bug ensured that
> *passive* attackers won against everyone on the main server and they
> would also win against everyone not using forward secret TLS modes. As I
> understand, we do not have numbers on how many users are using the less
> secure TLS modes.
>
> Please read this page:
>
>    https://www.ssllabs.com/ssltest/analyze.html?d=crypto.cat
>
> On three computers near me, I see it using non-forward secret modes
> today - SSL_RSA_WITH_RC4_128_SHA - this isn't good news.
>
> This also means that if CryptoCat's security may be reduced to SSL, it
> is now possible to reduce that to plaintext by forcing disclosure of the
> current website's key. This may happen legally or it may happen through
> exploitation. I'm not sure why CryptoCat doesn't just exclusively offer
> everything with forward secret modes, and encourage everyone else to
> upgrade their browser when they use a less secure mode? I suggested this
> to Nadim on another mailing list, I'm not sure if he is working on this
> already? Perhaps so? I hope so...
>
> In any case, "more secure than CryptoCat" is not a high bar during the
> time of this bug. Any CA could have subverted the very little security
> provided by the web browser trust model. Also the security provided by
> non-forward secret TLS connections is a really serious problem.
>
> If you mean "as easy to use" as a plugin in a browser and that it can be
> as secure as just chatting over HTTPS protected servers without any
> other security, I think that the requirement is not proportional.
>
> Usability is absolutely critical - but we're not looking to build usable
> software without any security - if we were, we'd all be using Facetime,
> Skype, GChat and so on, without any complaints.
>
> All the best,
> Jacob
>
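
Added example, not part of the original thread and not Cryptocat's code: a Python illustration of the policy suggested in the quoted text above, where the server offers only forward-secret suites and a client without them gets no common suite and can be told to upgrade. The suite lists, the function names and the server-preference negotiation rule are assumptions made for illustration; only suite names from TLS 1.2 and earlier are handled.

```python
import re

# Key-exchange tokens meaning authenticated ephemeral Diffie-Hellman.
EPHEMERAL_KX = {"DHE", "ECDHE", "EDH", "EECDH"}

def key_exchange(suite):
    """Extract the key-exchange token from a cipher suite name.
    TLS 1.3 names (which carry no key-exchange token) are out of scope."""
    m = re.match(r"(?:TLS|SSL)_(.+?)_WITH_", suite)
    if m:  # IANA/Java style, e.g. SSL_RSA_WITH_RC4_128_SHA
        return m.group(1).split("_")[0]
    first = suite.split("-")[0]  # OpenSSL style, e.g. ECDHE-RSA-AES128-SHA
    # OpenSSL omits the token for plain RSA key transport (e.g. RC4-SHA).
    known = EPHEMERAL_KX | {"DH", "ECDH", "ADH", "AECDH", "PSK", "SRP"}
    return first if first in known else "RSA"

def is_forward_secret(suite):
    # Static RSA/DH/ECDH fail; anonymous DH is rejected too (no authentication).
    return key_exchange(suite) in EPHEMERAL_KX

def negotiate(server_prefs, client_offer):
    """First server-preferred suite the client also offers, else None.
    Assumption: the server enforces its own preference order."""
    offered = set(client_offer)
    return next((s for s in server_prefs if s in offered), None)

def harden(server_prefs):
    """Server list restricted to forward-secret suites, order preserved."""
    return [s for s in server_prefs if is_forward_secret(s)]

# Constructed sample data (not taken from any real server or browser).
SERVER = ["TLS_RSA_WITH_RC4_128_SHA", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
          "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA"]
MODERN = ["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_RSA_WITH_RC4_128_SHA"]
LEGACY = ["TLS_RSA_WITH_RC4_128_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA"]

if __name__ == "__main__":
    for name, client in (("modern", MODERN), ("legacy", LEGACY)):
        for label, prefs in (("as-is", SERVER), ("hardened", harden(SERVER))):
            got = negotiate(prefs, client)
            if got is None:
                status = "no common suite: ask the user to upgrade"
            else:
                status = "forward secret" if is_forward_secret(got) else "NOT forward secret"
            print(f"{name:7} {label:9} {got} -> {status}")
```

With the as-is list even the modern client lands on the RSA/RC4 suite, because the server prefers it; the hardened list gives that client ECDHE and leaves the legacy client with no common suite.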



