[cryptography] Potential funding for crypto-related projects

aortega at alu.itba.edu.ar aortega at alu.itba.edu.ar
Tue Jul 2 04:17:44 EDT 2013


>> Given those shortcomings I think is not wise to recommend it unless your
>> enemy doesn't have the resources of a country. That being said, it's the
>> best tool at the moment, lights year ahead of other popular software
>> like
>> Cryptocat, whose end-point security should be considered not only
>> sub-par
>> but dangerous. (who in their right mind will consider browser crypto?)
>
> It's definitely a new field that needs a lot of work. I invite you to
> read:
>
> The paper describing the improvements we're making for browser crypto:
> http://arxiv.org/abs/1306.5156
>
> My blog post on the improving state of browser crypto implementation:
> http://log.nadim.cc/?p=33
>
> NK

Hi! nice to see that improvements are coming. I was reacting to some
papers reporting about Cryptocat being used to defeat evil governments,
etc.  IMHO if the FBI can beat TOR, surely they can beat Cryptocat as
well.

But I don't blame you. I don't think any real-time chat can ever be made
"safe" and by safe I mean anonymous, because of its low-latency nature.
You can have privacy by using OTR and that's good in many situations, but
won't protect you from somebody with enough money to hire techs and put
some taps.

And then your users get killed or thrown into prison and then can't report
any bug. Crypto dev is like that :)

Best regards,

Alfred



More information about the cryptography mailing list