On 2013-07-01 8:55 AM, Nadim Kobeissi wrote:
> On 2013-06-30, at 3:44 AM, James A. Donald <jam...@echeque.com> wrote:
>> On 2013-06-30 5:13 PM, Danilo Gligoroski wrote:
>>> This was expected.
>>> As Skype definitely ruined its reputation as free end-to-end application for
>>> secure communication, other products are taking their chances.
>>> "Agencies showing sudden interest in encrypted comm" ---
>>> http://gcn.com/blogs/cybereye/2013/06/agencies-sudden-interest-encrypted-comm.aspx
>> Silent Circle expects end users to manage their own keys, which is of
>> course the only way for end users to be genuinely secure. Everything
>> else is snake oil, or rapidly turns into snake oil in practice. (Yes,
>> Cryptocat, I am looking at you)
> You seem to be implying that Cryptocat does not manage keys on the
> end-user side. This is false -- Cryptocat users do manage their own
> keys on the client side, in fact.
According to the paper, there are no long term public and private keys.
ID is therefore wholly username and password
Cryptocat does not currently store long-term key pairs (see § 9.2),
need to be generated, along with DSA parameters, each time
the application is launched
Which of course does not make cryptocat inherently insecure, or fatally
flawed, but nonetheless, does not provide the security that would come
from users managing their own keys, if ever we managed to provide an
interface where users successfully managed their own keys without
screwing up.
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography