Monday, March 5, 2012

Towards a More Transparent Security Model

We’ve taken a few steps in order to improve the Cryptocat project’s transparency concerning its decisions on security:

Improvements regarding security transparency:

  1. We have released version 1.2c of the Cryptocat protocol, which replaces our custom  safe Diffie-Hellman prime with a prime taken from RFC 3526. Seeing as the primes in the RFC are all derived from π, we hope this will mitigate any theoretical concerns regarding possible hidden properties in our choice of prime constants. Google Chrome App users should update their copies of Cryptocat immediately in order to reflect these changes.
  2. We have updated the HTTPS headers for crypto.cat to include HTTP Strict Transport Security data. We have also submitted crypto.cat for inclusion in Google Chrome’s embedded HSTS list. Strict Transport Security adds an extra layer of forced HTTPS to connections directed to crypto.cat, in addition to the server being configured to refuse all HTTP connections and redirect them to HTTPS instead.
  3. We have updated both the Cryptocat README and configuration file to include stricter warning against deploying Cryptocat without HTTPS, with mentions on using Cryptocat as a Tor Hidden Service.

Towards an open threat model:

Upcoming revisions of the Cryptocat specification will include a detailed threat model that we hope will clarify what Cryptocat is designed to protect against and what it cannot. While we find that the current specification’s Introduction section does briefly cover this issue, we have determined that a more thorough threat model is required and will be included in an upcoming revision of the specification.

Posted at 10:20 PM 2 notes
Sunday, March 4, 2012

Donate via Bitcoin!

We now accept donations via Bitcoin, the awesome decentralized crypto-currency. Throw some coins at us and help us make Cryptocat better! Our Bitcoin wallet address is:

16KxSELq3uywgVQXzrrWVtvMy3vk2ng9Sa

Our Bitcoin wallet is also listed on the donate page.

Posted at 8:59 PM 1 note Tags: bitcoin
Saturday, March 3, 2012

BBC News on Cryptocat and Raspberry Pi

Posted at 9:22 AM
Thursday, March 1, 2012

Message Authentication Bug Fixed

We’ve fixed a bug which would cause many users to receive false message authentication failure errors (“Error: message authentication failure”) due to a bug in how message order authentication was being handled. We’ve updated both the code and the specification document in order to reflect this change. The specification is now at version 1.2b as a result.

This bug did not present a security weakness, but simply failed to authenticate some legitimate messages that should have passed authentication. We’re sorry for the inconvenience this bug has caused some users and hope that we’ve had it fixed in this update. Cryptocat Chrome app users should update immediately to benefit from the bug fix.

Posted at 11:20 PM
Wednesday, February 29, 2012

Protocol Version 1.2a Released

We’ve updated the Cryptocat protocol to version 1.2a. Both the web and Chrome app versions have had their codebases updated to reflect the changes, so Chrome app users will need to update their Cryptocat app in order to be able to use the latest version of the protocol along with those accessing Cryptocat via the web version.

Version 1.2a of the Cryptocat protocol introduces the following enhancements:

  1. Shared secrets are now hashed with SHA512 instead of SHA256. The resulting 512 bit hexadecimal value is split into a 256 bit value for AES-256 operations and a 256 bit value for HMAC-SHA256 operations. This means that the complexity of both keys for encryption and authentication has been increased from 16^32 to 256^32.
  2. Fingerprints are now derived using SHA512 instead of SHA256.

You may download the design specification for protocol 1.2a here.

Edit: We’ve fixed some typos, clarified some sentences and tweaked the hash characters used for fingerprinting.

Posted at 11:56 AM 1 note Tags: spec
Tuesday, February 28, 2012

Cryptocat developer Nadim Kobeissi was interviewed this morning on BBC Radio’s Outriders. We discussed Cryptocat, how it works, and what we’re aiming to achieve.

Posted at 9:19 AM 1 note Tags: media
Monday, February 27, 2012

Protocol Version 1.2 Released

We’ve updated the Cryptocat protocol to version 1.2. Both the web and Chrome app versions have had their codebases updated to reflect the changes, so Chrome app users will need to update their Cryptocat app in order to be able to use the latest version of the protocol along with those accessing Cryptocat via the web version.

Version 1.2 of the Cryptocat protocol introduces the following enhancements:

  1. We’ve added a Definitions section and further clarified some details of the protocol.
  2. We’ve added a requirement for clients to verify the size of all received public keys (2^4080 < pubkey < p) in order to mitigate against adversarially small public keys.

You may download the design specification for protocol 1.2 here.

Edit: We’ve corrected the minimum value of public keys (from 2^4092 to 2^4080.)

Posted at 7:51 PM 3 notes Tags: spec
Sunday, February 26, 2012

New Feature: Random Chat Names

We’ve added a new feature that generates a random chat name for you, for those times where you can’t seem to decide on an appropriate chat name and just want to hop into a conversation.

Check out the cool new “?” button:

Clicking it generates a random chat name for you.

Once inside the chat, it’s just a matter of sending the link to friends:

We hope this makes it easier for your to agree on a chat name!

Posted at 7:13 PM
Saturday, February 25, 2012

Protocol Version 1.1 Released

We’ve updated the Cryptocat protocol to version 1.1. Both the web and Chrome app versions have had their codebases updated to reflect the changes, so we strongly recommend that Chrome app users update their copies of Cryptocat immediately in order to be able to use the latest version of the protocol along with those accessing Cryptocat via the web version.

Version 1.1 of the Cryptocat protocol introduces the following enhancements:

  1. Message ciphertext and HMACs no longer use the same key, but use two separate keys derived from the Diffie-Hellman shared secret.
  2. Cryptocat now detects if messages have been dropped, delayed, or sent to the recipient in a different order than the sender intended.
  3. The protocol design specification sheet is now more detailed concerning the handling of nicknames, and includes other clarifications and typo fixes.
  4. Addendum: We’ve added an addendum to version 1.1 (on February 26, 2012) that improves the way fingerprints are generated.

You may download the design specification for protocol 1.1 here.

Posted at 9:50 PM 1 note Tags: spec
Tuesday, February 21, 2012

Protocol Design Specification Published

The first revision of the Cryptocat Protocol Design Specification has been published and is available for download and review. We invite everyone to submit your comments on the specification. The specification describes the Cryptocat chat protocol in full detail, and is intended to allow third parties to study and implement the protocol.

Download the Cryptocat Protocol Design Specification, First Revision.

Special thanks to Jacob Appelbaum, Meredith L. Patterson and Marsh Ray for their helpful comments and insight.

Posted at 8:47 PM Tags: spec