[cryptography] DeCryptocat

James A. Donald jamesd at echeque.com
Thu Jul 4 17:07:34 EDT 2013

On 2013-07-05 6:34 AM, Silas Cutler wrote:
> Hash: SHA512
> <Sorry, long time lurker, first time poster.  Hate my first post to be 
> a negative one. >
> http://tobtu.com/decryptocat.php
> <Brief>
> DecryptoCat v0.1 cracks the ECC public keys generated by Cryptocat 
> <https://crypto.cat/> versions 1.1.147 through 2.0.41. Cryptocat 
> version 2.0.42 was released Feb 19, 2013 which increased the key space 
> from 2^54.15 to 2^106.3. Decryptocat takes advantage of a 
> meet-in-the-middle attack called baby-step giant-step you can 
> effectively square root the key space. So 2^54.15 turns into 2^27.08 
> and 2^106.3 to 2^53.15. For Cryptocat versions before 2.0.42, doing a 
> split of 2*10^9 and 10^7 it takes about a day to calculate data needed 
> to crack any key in few minutes.
> tl;dr -If you used Cryptocat from October 17th, 2011 to June 15th, 
> 2013 assume your messages were compromised. Also if you or the person 
> you are talking to has a version from that time span, then assume your 
> messages are being compromised.
> Version: GnuPG/MacGPG2 v2.0.19 (Darwin)
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
> randombit.net/mailman/listinfo/cryptography 

106 bits is still far too small.  Seems to me that they only increased 
it as needed to defeat DecryptoCat, not as needed to defeat an NSA farm 
running dedicated special purpose hardware.

Why not use an elliptic curve whose points are, in compressed form, 
about 256 bits, which is the size I chose for Crypto Kong, many, many 
years ago, when computers were far less powerful.  I chose that after 
looking at various cracking efforts as the minimum size that I was 
pretty sure that the NSA could not beat, then or in the reasonably near 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20130705/26cfdfdf/attachment.html>

More information about the cryptography mailing list