[cryptography] crypto.cat

natanael.l at gmail.com natanael.l at gmail.com
Sat Mar 31 16:17:50 EDT 2012


There are two issues IMHO:

* SSL flaws/Javascript MITM/bad servers. Your key can be leaked.

* If you already have a way to verify fingerprint PER SESSION, then why use this service? I can only imagine it's because you prefer to type on a computer keyboard on a public access computer than on your phone with an SMS encryption app (used for fingerprint auth). And even then it's not a computer under your control (spyware/wiretapped keyboard). Or if it's in a friends house.


2012-03-31 19:49 skrev Jacob Taylor:

It seems that isn't true:

https://crypto.cat/about/spec-rev1.2c.pdf

(Section 6 in particular)


Nadim's response via twitter (until he can get the list working)

https://crypto.cat/about/spec-rev1.2c.pdf


"Just subscribed, can't seem to reply. It does actually have
authentication via fingerprints:

https://crypto.cat/about/spec-rev1.2c.pdf"



On Sat, 2012-03-31 at 15:02 +0000, natanael.l at gmail.com wrote: 
> It seems to lack verification and authorization = easy to MITM.
> 
> 
> 
> 2012-03-31 15:49 skrev Mario Contestabile:
> 
> 
> 
> You guys have any cypherpunk opinions on https://crypto.cat/about/spec-rev1.2c.pdf ?
> 
> 
> It's a "secure" online communication tool, apparently used by
> Anonymous.
> 
> 
> It was developed by Nadim Kobeissi, (yet another Montrealer).
> 
> 
> Mario
> 
> _______________________________________________
> 
> cryptography mailing list
> 
> natanael.l at gmail.com
> https://crypto.cat/about/spec-rev1.2c.pdf
> 
> 
> 
> _______________________________________________
> cryptography mailing list
> natanael.l at gmail.com
> https://crypto.cat/about/spec-rev1.2c.pdf


-- 

Jacob Taylor (@Aranjedeath) https://crypto.cat/about/spec-rev1.2c.pdf



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20120331/8dad3607/attachment.html>


More information about the cryptography mailing list