[cryptography] DeCryptocat

Jacob Appelbaum jacob at appelbaum.net
Fri Jul 5 00:01:02 EDT 2013

Nadim Kobeissi:
> On 2013-07-05, at 3:15 AM, Jacob Appelbaum <jacob at appelbaum.net> wrote:
>> Nadim Kobeissi:
>>> Hello everyone,
>>> I urge you to read our response at the Cryptocat Development Blog, which strongly clarifies the situation:
>>> https://blog.crypto.cat/2013/07/new-critical-vulnerability-in-cryptocat-details/
>> Has there been a rotation of the certificate and keying material for all
>> services that serve CryptoCat chat traffic?
> Rest assured we're working on it as an extra precaution (as mentioned in the blog post). Also, our services use SSL forward secrecy.

I'm not really assured and I think I should clarify something that is
perhaps slipping past like a ship in the night. I went to crypto.cat in
Chrome only to find myself not connected in a forward secure manner.

According to ssllabs[0], CryptoCat supports some odd SSL/TLS configurations:

TLS 1.2	 Yes
TLS 1.1	 No
TLS 1.0	 No
SSL 3.0	Yes
SSL 2.0  No

Further more - it appears that CryptoCat supports
SSL_RSA_WITH_RC4_128_SHA, as well as other non-forward secure modes Is
there really any reason to support such a mode with 3DES in 2013 for
this kind of service?

Also, I'm not sure if this is obvious but it appears that many users may
be using SSL 3.0:

Chrome 27	 SSL 3	 TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xc011)  Forward
Secrecy	 128
Firefox 21	 SSL 3	 TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xc011)  Forward
Secrecy	 128
Internet Explorer 10	 SSL 3	 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
 Forward Secrecy	 128
Safari iOS 6.0.1	TLS 1.2	 TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xc011)
Forward Secrecy	 128
Safari 5.1.9	 SSL 3	 TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xc011)  Forward
Secrecy	 128

RC4 is not my favorite choice when all the other crypto has failed.

Do you know how many users are impacted? How many users are actually
choosing the forward secret protocols?

All the best,

[0] https://www.ssllabs.com/ssltest/analyze.html?d=crypto.cat

More information about the cryptography mailing list