[liberationtech] Crypho

Nadim Kobeissi nadim at nadim.cc
Fri Mar 22 14:03:58 PDT 2013 

How is this any different from Cryptocat?


NK


On Fri, Mar 22, 2013 at 4:59 PM, Cooper Quintin
<cooper at radicaldesigns.org>wrote:

> I had a chance to try out crypho a couple of weeks ago at a demo they
> put on at noisebridge.  I have some concerns about it, namely the
> delivery of crypto code over javascript without any sort of verification
> of it's authenticity (via browser plugin, etc.), since this point has
> already been discussed to death on this list however, I do not wish to
> re-open that debate.
> I managed to find a couple of javascript injection attacks in the beta
> already, though the developer assures me that they are working on fixing
> all the bugs right now, still the lack of attention to basic web
> security at such an early stage is concerning.
> That aside it seems okay, though I have some worries about side channel
> attacks and the fact that it hasn't been peer reviewed as far as I can
> tell yet.
> It does seem like an interesting project though, with some smart people
> behind it. I am looking forward to seeing the code once they open source
> it.
>
> Cooper Quintin
> PGP Key ID: 75FB 9347 FA4B 22A0 5068 080B D0EA 7B6F F0AF E2CA
>
> On 03/22/2013 01:48 PM, R. Jason Cronk wrote:
> > Anybody know the people who are doing this?  http://www.crypho.com/
> >
> > It's still in beta, so I'm assuming they are working out bugs prior to
> > releasing the code which they say they will do. See
> > http://www.crypho.com/faq.html
> >
> >
> >           Is it Open-Source?
> >
> >     Yes! We are reviewing the source code for release. It will be
> >     available under an OSI approved license in the near future.
> >
> >
> >
> >
> >
> > *R. Jason Cronk, Esq., CIPP/US*
> > /Privacy Engineering Consultant/, *Enterprivacy Consulting Group*
> > <enterprivacy.com>
> >
> >   * phone: (828) 4RJCESQ
> >   * twitter: @privacymaverick.com
> >   * blog: http://blog.privacymaverick.com
> >
> >
> >
> > --
> > Too many emails? Unsubscribe, change to digest, or change password by
> emailing moderator at companys at stanford.edu or changing your settings at
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
> >
> --
> Too many emails? Unsubscribe, change to digest, or change password by
> emailing moderator at companys at stanford.edu or changing your settings at
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20130322/09a3e9c4/attachment.html>

More information about the liberationtech mailing list