
Group Chat Vulnerability Discovered in Cryptocat, Project Fixes and Apologizes

alphadogg writes "The founder of an eavesdropping-resistant instant messaging application called Cryptocat has apologized over a now-fixed bug that made some types of messages more vulnerable to snooping. Cryptocat, which runs inside a web browser, is an open-source application intended to provide users with a high degree of security by using encryption to scramble messages. But Cryptocat warns that users should still be very cautious with communications and not trust their life with the application. The vulnerability affected group chats and not private conversations. The encryption keys used to encode those conversations were too short, which in theory made it easier for an attacker to decrypt and read conversations." The bug report/merge request, and an analysis of the bug (although, in light of Cryptocat's gracious response, overly acerbic and dismissive of the project).
  • by chihowa ( 366380 ) on Saturday July 06, 2013 @02:41PM (#44204225)

    As it is designed, email is capable of peer-to-peer(ish, if people have their own domains) operation and if people used PGP the messages would be safe in transit. It's not totally decentralized, though, as you still depend on DNS.

    More importantly, a shift away from centralized corporate mail servers toward individual (or at least family or co-op) mail servers can happen gradually without relying on the network effect to legitimize a new system.
