|
|
Subscribe / Log in / New account

This Cute Chat Site Could Save Your Life And Help Overthrow Your Government (Wired)

[Posted July 27, 2012 by jake]

Wired writes about crypto.cat (or Cryptocat), which is an AGPL3-licensed browser-based AES-256-encrypted chat program. It was created by 21-year-old Nadim Kobeissi, who is originally from Beirut, Lebanon and now goes to college in Montréal, Canada. "But Kobeissi also knows that it’s equally important that Cryptocat be usable and pretty. Kobeissi wants Cryptocat to be something you want to use, not just need to. Encrypted chat tools have existed for years — but have largely stayed in the hands of geeks, who usually aren’t the ones most likely to need strong crypto. 'Security is not just good crypto. It’s very important to have good crypto, and audit it. Security is not possible without (that), but security is equally impossible without making it accessible.'"
to post comments

This Cute Chat Site Could Save Your Life And Help Overthrow Your Government (Wired)

Posted Jul 28, 2012 1:15 UTC (Sat) by xxiao (guest, #9631) [Link]

I hosted on my site and use it whenever I need it. it's handy and very useful.

This Cute Chat Site Could Save Your Life And Help Overthrow Your Government (Wired)

Posted Jul 28, 2012 17:09 UTC (Sat) by robert_s (subscriber, #42402) [Link] (19 responses)

Wonderful...

...if you trust the https certificate of the server hosting the javascript.

This Cute Chat Site Could Save Your Life And Help Overthrow Your Government (Wired)

Posted Jul 28, 2012 17:40 UTC (Sat) by Kit (guest, #55925) [Link] (17 responses)

Yep. Crypto.cat pretty much only works in the case of an entirely passive attacker. If they can impersonate the server, or control the server, then they could easily seed malicious javascript that defeats all the crypto. In addition, Cryptocat still depends on the users verifying the other party's key via some side channel. Without doing that, you might as well not even have any encryption in the first place.

It seems that the software is largely encouraging a false sense of security.

This Cute Chat Site Could Save Your Life And Help Overthrow Your Government (Wired)

Posted Jul 29, 2012 0:33 UTC (Sun) by skybrian (guest, #365) [Link] (1 responses)

Well they also have a Chrome app and Android client - assuming you have a secure way to download it and verify the install. But then you also should verify Chrome, and your OS...

This Cute Chat Site Could Save Your Life And Help Overthrow Your Government (Wired)

Posted Jul 29, 2012 2:44 UTC (Sun) by Kit (guest, #55925) [Link]

I've not really looked at Cryptocat in a few months (not since the last time there was a lot of buzz about it), but back then, the Chrome 'app' wasn't entirely self contained, and was still grabbing a number of resources from remote sites (I don't believe any were javascript files, but still more than enough to do tracking and potentially other nasty things).

Also, Chrome apps will automatically update themselves, so even if the current version is totally safe, there's no guarantee that it won't update itself 5 minutes later with a version that forwards all your messages to nsa.gov (or evilblackhats.biz). Alternatively, if you manage to disable the auto update, you could end up stuck using a version with known security issues (hardly an ideal situation, either! but that's more so an issue with Chrome's model and sensitive data).

Even ignoring that avenue of attack, the users are still stuck with the classic problem of having to verify the other party's key via some trusted channel. Sadly, Cryptocat doesn't even bother to inform the users of this fact, so most users will probably not even realize they need to take such steps, and will just blindly assume the other party is the person they assume it is (and couldn't POSSIBLY be someone performing a MITM attack). To me, it was non-obvious that you could even retrieve the other party's key by clicking their name.

This Cute Chat Site Could Save Your Life And Help Overthrow Your Government (Wired)

Posted Jul 29, 2012 1:55 UTC (Sun) by jimparis (guest, #38647) [Link] (14 responses)

Thanks for that info. I was having a hard time sorting through the hype to figure out how they dealt with distribution and key management -- now I understand that they don't.

This Cute Chat Site Could Save Your Life And Help Overthrow Your Government (Wired)

Posted Jul 29, 2012 2:35 UTC (Sun) by apoelstra (subscriber, #75205) [Link] (13 responses)

They have a hidden service, which avoids the need to trust their SSL key (there is no HTTPS, only the security of the Tor network), and solves the identity/MITM problem, since the .onion URL is actually the public side of a keypair that only cryptocat has.

This Cute Chat Site Could Save Your Life And Help Overthrow Your Government (Wired)

Posted Jul 29, 2012 13:53 UTC (Sun) by bjartur (guest, #67801) [Link]

That deals with code signing only. I kept looking for public keys to transfer over a secure channel, but it seemed anyone could just join the chat. It was not until I read this comment thread that I found out how to get fingerprints using the UI.

It does however tell you how many are reading. If there are supposed to be three clients connected, but four subscribe, you know the chat room to be compromised. And in the case of small and tightly-knit groups that may be enough.

But then you have to securely verify that everyone is subscribed before you send anything sensitive, because otherwise that third subscriber could just as well be the military or the police.

This Cute Chat Site Could Save Your Life And Help Overthrow Your Government (Wired)

Posted Jul 29, 2012 15:22 UTC (Sun) by robert_s (subscriber, #42402) [Link] (11 responses)

But if you're using Tor anyway, what extra does cryptocat give you? Surely the point of cryptocat doing all encryption in browser is avoiding the necessity of end users having to install & set anything up. If they're then saying you have to have Tor working for it to actually be secure, then, well, what's the point?

This Cute Chat Site Could Save Your Life And Help Overthrow Your Government (Wired)

Posted Jul 29, 2012 15:48 UTC (Sun) by Kit (guest, #55925) [Link] (10 responses)

The only thing Cryptocat provides you is an in-browser chat client. But, due to the nature of an in-browser (http hosted) chat client, it's virtually impossible to verify the components (since each visit could load a new variant of files, or even entirely new files). So the closest thing Cryptocat provides to an advantage, actually compromises security, and instead you shouldn't leverage that advantage (even according to the creator).

Ease of use is how they try to market Cryptocat... but, to actually use Cryptocat securely, it would be no more effort to use any IM client that supports OTR (or similar) instead (a number support it out of the box, with others having plugins).

This Cute Chat Site Could Save Your Life And Help Overthrow Your Government (Wired)

Posted Jul 29, 2012 16:13 UTC (Sun) by xxiao (guest, #9631) [Link] (3 responses)

OTR is not that easy to use esp you need the peer to set up the same thing.
cryptocat can be really useful when you need chat privately from an internet bar, a kiosk, a computer in hotel,etc

This Cute Chat Site Could Save Your Life And Help Overthrow Your Government (Wired)

Posted Jul 30, 2012 4:32 UTC (Mon) by Kit (guest, #55925) [Link]

The few times I've bothered to use OTR, it was incredibly easy to setup (no more difficult than any program). I'd imagine, though, it'd depend hugely on which client you used it with (I'm sure some are absolute nightmares).

> chat privately from an internet bar, a kiosk, a computer in hotel,etc

Exactly who are you wanting privacy from?

If it's the owner (or anyone else that can touch them) of each of those machines, you can simply forget about that to begin with, as a keylogger would easily defeat Cryptocat (and OTR, and everything else that didn't encrypt the data before it entered the computer). For any casual malicious entities on the network (i.e. anyone that can't hijack SSL sessions... so basically anyone that isn't approaching the power of a nation state), then the SSL certificate alone would do a good enough job securing the communication (and many common chat protocols support SSL connections... even IRC!). If you're worried about someone that can hijack SSL sessions, then you're screwed anyways if you're using the website version, which is almost assuredly the version you'd be using on one of those machines.

I'm not really seeing a scenario where Cryptocat actually delivers on the hype.

This Cute Chat Site Could Save Your Life And Help Overthrow Your Government (Wired)

Posted Jul 30, 2012 8:59 UTC (Mon) by robert_s (subscriber, #42402) [Link] (1 responses)

"cryptocat can be really useful when you need chat privately from an internet bar, a kiosk, a computer in hotel,etc"

When was the last time you were able to set up Tor on a machine in an internet bar, a kiosk, or a computer in hotel?

Because from what I'm hearing, the only time cryptocat is actually secure (any more secure than plain old SSL) is when it's being used through Tor.

This Cute Chat Site Could Save Your Life And Help Overthrow Your Government (Wired)

Posted Jul 30, 2012 15:35 UTC (Mon) by raven667 (subscriber, #5198) [Link]

Forget that, an internet bar, kiosk or hotel computer probably has a keylogger on it, either installed by the system owner or by nefarious types. It's not safe to type anything personally identifying, login to any of your services, etc. from this kind of terminal.

This Cute Chat Site Could Save Your Life And Help Overthrow Your Government (Wired)

Posted Jul 31, 2012 7:37 UTC (Tue) by ekj (guest, #1524) [Link] (5 responses)

That's not true. Using crypto-cat is a lot easier than downloading, installing, and configuring a IM-client for OTR-messaging.

I've used crypto-cat for something as simple as chatting with friends in Tunisia and Syria about the situation there, under the circumstances that seems sensible, I don't trust the Syrian government further than I can throw them.

"Go to this website" is a *lot* simpler than "download this IM-client and install it, then sign up for an account *here*, then configure OTR-messaging like *this*, then add me as a "buddy" like *that*, and -then- talk to me."

Crypto-cat ain't perfect. But it's very likely good enough that the Syrian government does not routinely store the text of our chats, and it would cost them significant effort to get at those texts.

This Cute Chat Site Could Save Your Life And Help Overthrow Your Government (Wired)

Posted Jul 31, 2012 8:48 UTC (Tue) by robert_s (subscriber, #42402) [Link] (3 responses)

"I've used crypto-cat for something as simple as chatting with friends in Tunisia and Syria about the situation there"

Please don't.

"Crypto-cat ain't perfect."

Well, it ain't secure.

"But it's very likely good enough that the Syrian government does not routinely store the text of our chats, and it would cost them significant effort to get at those texts."

In that way it's no better than obfuscation then.

This Cute Chat Site Could Save Your Life And Help Overthrow Your Government (Wired)

Posted Jul 31, 2012 10:24 UTC (Tue) by ekj (guest, #1524) [Link] (2 responses)

Your comment isn't particularly helpful. You say neither why it's a bad idea, nor what one should do instead.

crypto-cat *does* suffer from quite a few problems, the biggest one I'm aware of being the need to somehow securely exchange keys, and the fact that you need to trust the folks running the website.

But those vulnerabilities exist in all programs - if I download Pidgin with OTR, I need to trust the folks creating pidgin and running the website I download it from. Yes I know about signatures on packages, but most windows-users don't, and even then you still need to trust the person signing the package.

trade-offs are the rule, not the exception in the real world. It's reasonable to consider crypto-cat more secure than unencrypted chat. With "more secure" in this context, I mean simply: the odds that the government of Syria will read the chat-contents, is lower.

Ease of use *does* have value, and encrypted chat that works with zero installation is useful -- yes you need to securely exchange keys, and that's a problem - but it's primarily a problem if you worry about being the victim of a *targeted* attack, and that's not the issue here, the worry is over passive sweeping passively eavesdropping on everything and grepping for interesting words kind of attack. Against -that- kind of attack, key-exchange is easy.

This Cute Chat Site Could Save Your Life And Help Overthrow Your Government (Wired)

Posted Jul 31, 2012 15:44 UTC (Tue) by avheimburg (guest, #75272) [Link]

> and the fact that you need to trust the folks running the website

That's the problem: You need not only trust the cryptocat site, you need to trust all the hosts between your PC and the cryptocat site and all the hosts between your chat partner's PC and the site.

It's entirely possible for the any organization that controls internet access to launch a MITM-attack and supply all the poeple in Syria with a "customized" version of cryptocat that sends a copy of everything said to a computer controlled by the government. And there's no easy way for you to check whether you or your chat partner is thusly compromised.

This Cute Chat Site Could Save Your Life And Help Overthrow Your Government (Wired)

Posted Jul 31, 2012 17:06 UTC (Tue) by robert_s (subscriber, #42402) [Link]

"and the fact that you need to trust the folks running the website."

The wired article *itself* (presumably prompted by the cryptocat author) says SSL is "known to be broken". So you _can't_ trust the folks running the website. It's a self contradiction.

Is _some_ security better than none? Perhaps, but probably only when you're dealing with foes less capable & with fewer resources than a nation state. However if a false sense of security encourages someone to be more loose-lipped and candid, then it can be _very_ dangerous.

A slightly half-baked "some security is better than none" attitude may be fine for you, but I suspect _you're_ not the one that's going to get tortured, the person you're talking to in [dictatorship] _is_.

The problem with cryptocat's message is it is *far* less secure than it purports to be.

This Cute Chat Site Could Save Your Life And Help Overthrow Your Government (Wired)

Posted Aug 3, 2012 15:41 UTC (Fri) by arafel (subscriber, #18557) [Link]

Please, really don't use it with people in bad regimes like that. From looking at http://www.matasano.com/articles/javascript-cryptography/ - a link I'd urge you to read too - an automated injection of a JavaScript script would be all that's required to defeat CryptoCat entirely.

This Cute Chat Site Could Save Your Life And Help Overthrow Your Government (Wired)

Posted Jul 30, 2012 9:51 UTC (Mon) by copsewood (subscriber, #199) [Link]

The only technology which seems remotely likely to solve this PKI problem is DNSSEC. The HTTPS CA system was too expensive and inflexible and has shot itself in the foot by trying to solve the cost/inflexibility problem by having more CAs. Few end users seem ever likely to want both to learn how to and carry out the maintenance needed to sustain a web of trust based on multiple GPG partial identity trusts.

The main complaints I've heard about DNSSEC are that it isn't widely enough used yet, and we all have to trust ICANN. The first is a chicken & egg problem affecting all new network technology. As the second, nothing to prevent local admins installing a different root zone provider trust anchor if they don't trust ICANN not to mis-sign a TLD that matters to them. In practice technologies such as convergence designed to fix the current CA problem are likely to be more effective if and when used for holding significant DNSSEC signing authorities to account.

This Cute Chat Site Could Save Your Life And Help Overthrow Your Government (Wired)

Posted Jul 30, 2012 7:39 UTC (Mon) by mordae (guest, #54701) [Link] (1 responses)

It's a nice example of how browser-side website signing could be useful. The client html/javascript could be mirrored all over the world plus people who reviewed it would sign the code with GPG. You would then visit an arbitrary mirror and check that it's signed with several reviewers you chose to trust.

This Cute Chat Site Could Save Your Life And Help Overthrow Your Government (Wired)

Posted Jul 30, 2012 9:09 UTC (Mon) by robert_s (subscriber, #42402) [Link]

...how do you "check it's signed" and check your browser is being served/running the version of the javascript that is signed?

Sounds like you'd need some sort of "secure" "http"... but then you'd need certificates for that... but then you'd need to make sure you trust those certificates...

I think this is a nice example of how browser-side website signing is fundamentally flawed.

This Cute Chat Site Could Save Your Life And Help Overthrow Your Government (Wired)

Posted Aug 2, 2012 21:40 UTC (Thu) by dkg (subscriber, #55359) [Link] (2 responses)

Chris Soghoian's "Tech journalists: Stop hyping unproven security tools" offers a dose of much-needed sobriety about this kind of article.

This Cute Chat Site Could Save Your Life And Help Overthrow Your Government (Wired)

Posted Aug 3, 2012 15:39 UTC (Fri) by arafel (subscriber, #18557) [Link] (1 responses)

Indeed. In particular people need to read http://www.matasano.com/articles/javascript-cryptography/ (linked from his article).

Essentially, not only is CryptoCat unsecure, it cannot be made secure.

on CryptoCat's security

Posted Aug 19, 2012 10:33 UTC (Sun) by sumanah (guest, #59891) [Link]

Responses to Chris Soghoian to also read: Ryan Singel, Quinn Norton.


Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds