[cryptography] DeCryptocat

Matthew Green matthewdgreen at gmail.com
Fri Jul 5 00:15:49 EDT 2013



On Jul 5, 2013, at 12:01 AM, Jacob Appelbaum <jacob at appelbaum.net> wrote:

> Nadim Kobeissi:
>> 
>> On 2013-07-05, at 3:15 AM, Jacob Appelbaum <jacob at appelbaum.net> wrote:
>> 
>>> Nadim Kobeissi:
>>>> Hello everyone,
>>>> I urge you to read our response at the Cryptocat Development Blog, which strongly clarifies the situation:
>>>> 
>>>> https://blog.crypto.cat/2013/07/new-critical-vulnerability-in-cryptocat-details/
>>> 
>>> Has there been a rotation of the certificate and keying material for all
>>> services that serve CryptoCat chat traffic?
>> 
>> Rest assured we're working on it as an extra precaution (as mentioned in the blog post). Also, our services use SSL forward secrecy.
> 
> I'm not really assured and I think I should clarify something that is
> perhaps slipping past like a ship in the night. I went to crypto.cat in
> Chrome only to find myself not connected in a forward secure manner.
> 
> According to ssllabs[0], CryptoCat supports some odd SSL/TLS configurations:
> 
> Protocols
> TLS 1.2     Yes
> TLS 1.1     No
> TLS 1.0     No
> SSL 3.0    Yes
> SSL 2.0  No
> 
> Further more - it appears that CryptoCat supports
> SSL_RSA_WITH_RC4_128_SHA, as well as other non-forward secure modes Is
> there really any reason to support such a mode with 3DES in 2013 for
> this kind of service?
> 
> Also, I'm not sure if this is obvious but it appears that many users may
> be using SSL 3.0:
> 
> Chrome 27     SSL 3     TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xc011)  Forward
> Secrecy     128
> Firefox 21     SSL 3     TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xc011)  Forward
> Secrecy     128
> Internet Explorer 10     SSL 3     TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
> Forward Secrecy     128
> Safari iOS 6.0.1    TLS 1.2     TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xc011)
> Forward Secrecy     128
> Safari 5.1.9     SSL 3     TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xc011)  Forward
> Secrecy     128
> 
> RC4 is not my favorite choice when all the other crypto has failed.
> 
> Do you know how many users are impacted? How many users are actually
> choosing the forward secret protocols?
> 
> All the best,
> Jacob
> 
> [0] https://www.ssllabs.com/ssltest/analyze.html?d=crypto.cat
> _______________________________________________
> cryptography mailing list
> cryptography at randombit.net
> http://lists.randombit.net/mailman/listinfo/cryptography


More information about the cryptography mailing list