![]() ![]() This caused keys to be super easy to crack (2^27.1 time and memory). The masquerading bug was added May 7th, 2012 when they switched to ECDH and fixed April 19th, 2013. When I looked at their commit history I found that the small private key bug was worse because the key was a decimal string masquerading as an array of 17, 15 bit integers. I found three bugs small private keys for group chat, bad random generation, and improper use of random (this is in a library they use called BigInt). Which might let them decrypt old captured messages. They have generated a new private key, to prevent someone from breaking into their server and stealing it. Meaning we have to trust that Cryptocat didn't store/transfer encrypted messages or leak their SSL private key. ![]() So this just means that it was host based security. Yes this is scary but I believe everything is/was over https. If there is a next version I'll probably "steal" some code from curve25519-donna and add support for GPUs. I suggest doing a 2*10^8 and 10^8 split unless you actually have a bunch of captured conversations or you want to test if the people you are talking to have upgraded. This only requires tens of gigabytes to store.ĭoing a 2*10^8 and 10^8 split it will take an hour to generate and half an hour to crack any private key with that data. So 2^54.15 turns into 2^27.08 and 2^106.3 to 2^53.15.įor Cryptocat versions before 2.0.42, doing a split of 2*10^9 and 10^7 it takes about a day to calculate data needed to crack any key in few minutes. June 15th, 2013 FireFox approves first 2.x version of Cryptocat that is not using short ECDH private keys.ĭecryptoCat v0.1 cracks the group chat ECDH public keys generated by Cryptocat versions 1.1.147 through 2.0.41.Ĭryptocat version 2.0.42 was released which increased the key space from 2^54.15 to 2^106.3.ĭecryptocat takes advantage of a meet-in-the-middle attack called baby-step giant-step you can effectively square root the key space. June 3rd, 2013 I patched ECDH now private keys are uncrackable. May 7th, 2012 ECDH introduced and is broken with DecryptoCat.Īpril 19th, 2013 ECDH is no longer easy to break, but still crackable by governments and large companies. October 17th, 2011 Diffie-Hellman private keys were reduced to crackable. Here is the old post where I was less nice (it is a longer read with a little more detail). You must update Cryptocat to at least 2.1.12 to be safe from known problems. TLDR: If you used group chat in Cryptocat from October 17th, 2011 to June 15th, 2013 assume your messages were compromised.ĭSA is probably broken in one-to-one chat over OTR.
0 Comments
Leave a Reply. |