There are two issues IMHO:

* SSL flaws/JavaScript MITM/bad servers. Your key can be leaked.

* If you already have a way to verify fingerprint PER SESSION, then why use 
this service? I can only imagine it's because you prefer to type on a computer 
keyboard on a public access computer than on your phone with an SMS encryption 
app (used for fingerprint auth). And even then it's not a computer under your 
control (spyware/wiretapped keyboard). Or if it's in a friend's house.


2012-03-31 19:49, Jacob Taylor wrote:

It seems that isn't true:

https://crypto.cat/about/spec-rev1.2c.pdf

(Section 6 in particular)


Nadim's response via Twitter (until he can get the list working)

https://crypto.cat/about/spec-rev1.2c.pdf


"Just subscribed, can't seem to reply. It does actually have
authentication via fingerprints:

https://crypto.cat/about/spec-rev1.2c.pdf"



On Sat, 2012-03-31 at 15:02 +0000, [email protected] wrote:
> It seems to lack verification and authorization = easy to MITM.
>
>
>
> 2012-03-31 15:49, Mario Contestabile wrote:
>
>
>
> You guys have any cypherpunk opinions on 
> https://crypto.cat/about/spec-rev1.2c.pdf ?
>
>
> It's a "secure" online communication tool, apparently used by
> Anonymous.
>
>
> It was developed by Nadim Kobeissi, (yet another Montrealer).
>
>
> Mario
>
> _______________________________________________
>
> cryptography mailing list
>
> [email protected]
> https://crypto.cat/about/spec-rev1.2c.pdf
>


--

Jacob Taylor (@Aranjedeath) https://crypto.cat/about/spec-rev1.2c.pdf



_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
