Cryptocat is an open source web and mobile application intended to allow secure, encrypted online chatting. Cryptocat uses end-to-end encryption and encrypts chats on the client side, only trusting the server with data that is already encrypted. Cryptocat is offered as an app for Mac OS X or as a browser extension for Google Chrome, Mozilla Firefox, Apple Safari, Opera and as a mobile app for iPhone.

Cryptocat's stated goal is to make encrypted communications more accessible to average users. The chat software aims to strike a balance between security and usability, offering more privacy than services such as Google Talk or Internet Relay Chat, while maintaining a higher level of accessibility than Pidgin.

In June 2013, Cryptocat was used by journalist Glenn Greenwald while in Hong Kong to meet NSA whistleblower Edward Snowden for the first time, after other encryption software failed to work. In November 2013, Cryptocat was banned in Iran, shortly after the election of Iran's new president Hassan Rouhani, who had promised more open Internet laws.

Cryptocat is developed by the Cryptocat team and is released under the GPLv3 license. In June 2014, Cryptocat was ranked first in a three-month study evaluating the security and usability of instant messaging encryption software, conducted by the German PSW Group.

It seems like these days I can’t eat breakfast without reading about some new encryption app that will supposedly revolutionise our communications - while making tyrannical regimes fall like cheap confetti. This is exciting stuff, and I want to believe. After all, I’ve spent a lot of my professional life working on crypto, and it’s nice to imagine that people are actually going to start using it. At the same time, I worry that too much hype can be a bad thing - and could even get people killed.

Given what’s at stake, it seems worthwhile to sit down and look carefully at some of these new tools. How solid are they? What makes them different/better than what came before? And most importantly: should you trust them with your life?

To take a crack at answering these questions, I’m going to look at four apps that seem to be getting a lot of press in this area. In no particular order, these are Cryptocat, Silent Circle, RedPhone and Wickr.

A couple of notes…

Before we get to the details, a few stipulations. First, the apps we’ll talk about here are hardly the only apps that use encryption. In fact, these days almost everyone advertises some form of ‘end-to-end encryption’ for your data. This has even gotten Skype and Blackberry into a bit of hot water with foreign governments.

However - and this is a critical point - ‘end-to-end encryption’ is rapidly becoming the most useless term in the security lexicon. That’s because actually encrypting stuff is not the interesting part. The real challenge turns out to be distributing users’ encryption keys securely, that is, without relying on a trusted, central service.

The problem here is simple: if I can compromise such a service, then I can convince you to use my encryption key instead of your intended recipient’s. In this scenario - known as a Man in the Middle (MITM) attack - all the encryption in the world won’t help you.

And this is where most ‘end-to-end’ commercial services (like Skype and iMessage) seem to fall down. Clients depend fundamentally on a central directory server to obtain their encryption keys. This works fine if the server really is trustworthy, but it’s a huge problem if the server is ever compromised - or forced to engage in Man-In-The-Middle attacks by a nosy government.

An even worse variant of this attack comes from services that actually store your secret keys for you. In this case you’re truly dependent on their good behaviour.*

One important feature of the ‘new’ encryption apps is that they recognise this concern.