[ale] OT fyi CryptoCat allows instant easy encrypted chat

Michael Trausch mbt at naunetcorp.com
Fri Aug 2 10:11:06 EDT 2013 

Like anything else, the security that it gives is proportional to one's understanding of its application and usage. I have zero experience or knowledge of CryptoCat, other than I follow its author on Twitter and I think he might be a legitimate white hat individual. But I would not trust the source without reading it myself or having had it read by someone whose opinion i trust on such matters, such as a real security professional. 

Security in today's world is nothing to joke about. The only thing I can say for sure is that if a person does not know about security themselves and doesn't choose to lean on a trustworthy source for security information, they will be compromised at some point without enough mitigation to be safe.

Time tested solutions are also great from a security viewpoint. For example, many people have vetted Tor and understand how it works. OpenVPN is a most excellent means to privately communicate with a network you control, whether personal or corporate. Both are understood and widely deployed and audited. That does not ensure or guarantee perfect security, but it increases my confidence that it is a truly secure solution. 

Sent from my iPhone

On Aug 2, 2013, at 8:46 AM, Pete Hardie <pete.hardie at gmail.com> wrote:

> I've seen some stuff on the net claiming that cryptocat is not as secure as it claims - YMMV
> 
> Pete Hardie
> --------
> Better Living Through Bitmaps
> 
> 
> On Thu, Aug 1, 2013 at 7:16 PM, Ron Frazier (ALE) <atllinuxenthinfo at techstarship.com> wrote:
>> Hi all,
>> 
>> I wanted to pass along some info about a way to instantly set up an encrypted chat session.  I thought this had been on the list before, but I searched my email archive and couldn't find it in the ALE folder.  So, please forgive if this has already been mentioned.  Maybe I was on another list when it was mentioned.
>> 
>> Anyway, CryptoCat is a project that allows you to set up private encrypted peer to peer and group chats almost instantly.  It's very quick and easy to use after installing the browser plugin.
>> 
>> https://crypto.cat/
>> 
>> It's still a work in progress, so you would have to read the docs on the site and determine how much faith you want to put in it.
>> 
>> There was a weakness in prior versions from 2.0 - 2.0.42 which weakened the group chat.  Private chats were not affected.  The blog suggests upgrading to 2.1.* where the problems have been fixed.  Apparently there was a weakness in the random number generator.
>> 
>> https://blog.crypto.cat/
>> 
>> Some people on the DC-404 list recommended not using this for anything too sensitive, and I certainly wouldn't bet my life on it.  However, I would use it if I just wanted to do a quick chat that I didn't want snooped on and needed moderate security.  I have used it once after someone I was communicating with suggested skype and I mentioned misgivings about that.  The process was very painless and we were chatting to each other within 5 minutes after I got the link from him.
>> 
>> Here's the link to the Firefox plugin.
>> 
>> https://addons.mozilla.org/en-US/firefox/user/kaepora/
>> 
>> It also works on Chrome, Safari, and Mac.  I guess my IE friends and family are out of luck.
>> 
>> Sincerely,
>> 
>> Ron
>> 
>> 
>> -- 
>> 
>> (PS - If you email me and don't get a quick response, you might want to
>> call on the phone.  I get about 300 emails per day from alternate energy
>> mailing lists and such.  I don't always see new email messages very quickly.)
>> 
>> Ron Frazier
>> 770-205-9422 (O)   Leave a message.
>> linuxdude AT techstarship.com
>> Litecoin: LZzAJu9rZEWzALxDhAHnWLRvybVAVgwTh3
>> Bitcoin: 15s3aLVsxm8EuQvT8gUDw3RWqvuY9hPGUU
>> 
>> _______________________________________________
>> Ale mailing list
>> Ale at ale.org
>> http://mail.ale.org/mailman/listinfo/ale
>> See JOBS, ANNOUNCE and SCHOOLS lists at
>> http://mail.ale.org/mailman/listinfo
> 
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.ale.org/pipermail/ale/attachments/20130802/03e38b1c/attachment.html>

More information about the Ale mailing list