[cryptography] DeCryptocat

Silas Cutler silas.cutler at BlackListThisDomain.com
Thu Jul 4 16:34:45 EDT 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

<Sorry, long time lurker, first time poster.  Hate my first post to be a
negative one. >

http://tobtu.com/decryptocat.php

<Brief>
DecryptoCat v0.1 cracks the ECC public keys generated by Cryptocat
<https://crypto.cat/> versions 1.1.147 through 2.0.41. Cryptocat version
2.0.42 was released Feb 19, 2013 which increased the key space from
2^54.15 to 2^106.3. Decryptocat takes advantage of a meet-in-the-middle
attack called baby-step giant-step you can effectively square root the
key space. So 2^54.15 turns into 2^27.08 and 2^106.3 to 2^53.15. For
Cryptocat versions before 2.0.42, doing a split of 2*10^9 and 10^7 it
takes about a day to calculate data needed to crack any key in few minutes.

tl;dr -If you used Cryptocat from October 17th, 2011 to June 15th, 2013
assume your messages were compromised. Also if you or the person you are
talking to has a version from that time span, then assume your messages
are being compromised.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.19 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQEcBAEBCgAGBQJR1dxlAAoJED4YSmxlVKcxWKQH/j14Bp5R4kH8fu738n7TX/cz
wPm5xhtFmpYJ78pLLkQ8JNUrckqrZVmj+SCgZeKDl9ESzy0qyXcGuJyKfVwZO4VJ
7z07awreT01NNafOCH2NtJSt6x/5WTYYVJDXrtdBMaVyeJkDV8T9Yca0YYfTVPsF
q8xzzWm6rRg4WsDS5Zi07rMu5PN8Ijx7+sbjCmM4Bh2/VIdFjr9Llb2SyXQyi9AJ
xFT+3iLHfEep0SDAg1MZSqb2Qryw95FOW2+FRdFwqD4lFM8otNbQAklCp7BJOENW
eFvRG3dYQzw8T7FAp5vtkLaglGTbfptuijXuxsV1h/wb+a6O9HX1mOGr0AGid5k=
=POme
-----END PGP SIGNATURE-----

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20130704/b55d6f6a/attachment.html>


More information about the cryptography mailing list