[liberationtech] Crypho

Cooper Quintin cooper at radicaldesigns.org
Fri Mar 22 14:26:44 PDT 2013 

Nadim,
It seems like Cryptocat has a browser plugin, which I though offers more
security than just delivering js straight from the server to the
browser.  I am incorrect in my assumption?
The other difference between this and Cryptocat is, as Jason mentioned,
the fact that it uses strong authentication, where Cryptocat is more
oriented toward anonymity and privacy.
For what it's worth, I would prefer to use Cryptocat over Crypho for
most of the use cases I am interested in.

Cooper Quintin
PGP Key ID: 75FB 9347 FA4B 22A0 5068 080B D0EA 7B6F F0AF E2CA

On 03/22/2013 02:03 PM, Nadim Kobeissi wrote:
> How is this any different from Cryptocat?
> 
> 
> NK
> 
> 
> On Fri, Mar 22, 2013 at 4:59 PM, Cooper Quintin
> <cooper at radicaldesigns.org <mailto:cooper at radicaldesigns.org>> wrote:
> 
>     I had a chance to try out crypho a couple of weeks ago at a demo they
>     put on at noisebridge.  I have some concerns about it, namely the
>     delivery of crypto code over javascript without any sort of verification
>     of it's authenticity (via browser plugin, etc.), since this point has
>     already been discussed to death on this list however, I do not wish to
>     re-open that debate.
>     I managed to find a couple of javascript injection attacks in the beta
>     already, though the developer assures me that they are working on fixing
>     all the bugs right now, still the lack of attention to basic web
>     security at such an early stage is concerning.
>     That aside it seems okay, though I have some worries about side channel
>     attacks and the fact that it hasn't been peer reviewed as far as I can
>     tell yet.
>     It does seem like an interesting project though, with some smart people
>     behind it. I am looking forward to seeing the code once they open
>     source it.
> 
>     Cooper Quintin
>     PGP Key ID: 75FB 9347 FA4B 22A0 5068 080B D0EA 7B6F F0AF E2CA
> 
>     On 03/22/2013 01:48 PM, R. Jason Cronk wrote:
>     > Anybody know the people who are doing this?  http://www.crypho.com/
>     >
>     > It's still in beta, so I'm assuming they are working out bugs prior to
>     > releasing the code which they say they will do. See
>     > http://www.crypho.com/faq.html
>     >
>     >
>     >           Is it Open-Source?
>     >
>     >     Yes! We are reviewing the source code for release. It will be
>     >     available under an OSI approved license in the near future.
>     >
>     >
>     >
>     >
>     >
>     > *R. Jason Cronk, Esq., CIPP/US*
>     > /Privacy Engineering Consultant/, *Enterprivacy Consulting Group*
>     > <enterprivacy.com <http://enterprivacy.com>>
>     >
>     >   * phone: (828) 4RJCESQ
>     >   * twitter: @privacymaverick.com <http://privacymaverick.com>
>     >   * blog: http://blog.privacymaverick.com
>     >
>     >
>     >
>     > --
>     > Too many emails? Unsubscribe, change to digest, or change password
>     by emailing moderator at companys at stanford.edu
>     <mailto:companys at stanford.edu> or changing your settings at
>     https://mailman.stanford.edu/mailman/listinfo/liberationtech
>     >
>     --
>     Too many emails? Unsubscribe, change to digest, or change password
>     by emailing moderator at companys at stanford.edu
>     <mailto:companys at stanford.edu> or changing your settings at
>     https://mailman.stanford.edu/mailman/listinfo/liberationtech
> 
> 
> 
> 
> --
> Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at companys at stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
>

More information about the liberationtech mailing list