Group Chat Vulnerability Discovered in Cryptocat, Project Fixes and Apologizes 83
alphadogg writes "The founder of an eavesdropping-resistant instant messaging application called Cryptocat has apologized over a now-fixed bug that made some types of messages more vulnerable to snooping. Cryptocat, which runs inside a web browser, is an open-source application intended to provide users with a high degree of security by using encryption to scramble messages. But Cryptocat warns that users should still be very cautious with communications and not to trust their life with the application. The vulnerability affected group chats and not private conversations. The encryption keys used to encode those conversations were too short, which in theory made it easier for an attacker to decrypt and read conversations."
The bug report/merge request, and an analysis of the bug (although, in light of the Cryptocat's gracious response, overly acerbic and dismissive of the project).
Re:Nothing overly dismissive there (Score:4, Interesting)
It is a devastatingly simple and obvious bug that any code review would have spotted. It's laughably amateurish.
It's especially egregious after the rant the author (isn't there just one?) went on about Javascript cryptography. Couldn't have happened to a nicer guy.
After all, what's the single biggest challenge in JavaScript cryptography? Random number generation. So what's the FIRST thing you look at when reviewing? Random number generation for keys. And what, pray, is their excuse for not using window.crypto.getRandomValues() with a typed array of bytes, which is guaranteed to be available in every supported browser? What, in fact, is their excuse for not using Uint8Array for carrying keys wherever they go?