Jesseb Shiloh Jesseb Shiloh is new to blogging. He enjoys things that most don't and dismisses society as an unfortunate distraction. Find him on WeHeartWorld, Twitter, Facebook, and Pinterest.

Encrypted chat app CryptoCat isn’t secure by any means

45 sec read

People in the security community often criticize the code behind Cryptocat, an open-source encrypted instant messaging project. Ironically, Cryptocat’s policy of publicly releasing third-party code audits is what generates much of the criticism, which is a reason other projects often choose not to release their audits. On Wednesday, Cryptocat’s founder, Nadim Kobeissi, announced the release of two more code audits, both of which found flaws with the chat program that have now been mostly resolved.

A new report has called into question the effectiveness of cryptographic protocols utilized by the popular browser- and iOS-based chat application CryptoCat. The open-source app contains several flaws, which may permit attackers to compromise OTR (off-the-record) conversations, according iSEC Partners researchers, who performed penetration tests on the software. Users are provided an encrypted platform for conversation through the use of forward secrecy, which in the case of CryptoCat relies upon newly generated keys for each chat session. The process used by the app places the responsibility of verifying a peer’s identity squarely on the users themselves. In other words, a user would need to verify the identity of the person with whom they wish to speak by other secured means prior to initiating CryptoCat, thus negating the entire purpose of the app.

Source
Avatar of Jesseb Shiloh
Jesseb Shiloh Jesseb Shiloh is new to blogging. He enjoys things that most don't and dismisses society as an unfortunate distraction. Find him on WeHeartWorld, Twitter, Facebook, and Pinterest.

Apple is purging hundreds of thousands of apps from…

It may be the end of summer, but that isn’t stopping Apple from doing a bit of spring cleaning. Tomorrow, coinciding with the launch...
Avatar of Alfie Joshua Alfie Joshua
1 min read

This app let’s you buy the food that restaurants…

Just because it’s not fresh doesn’t mean it’s not edible. For people willing to eat food that’s old, but not too old, a new...
Avatar of Brian Molidor Brian Molidor
1 min read

Why is Line listed on both an American and…

Line hasn’t found much success here in the West, which is why it might seem odd that the company decided to list itself on...
Avatar of Lorie Wimble Lorie Wimble
1 min read

Leave a Reply

Your email address will not be published. Required fields are marked *