On 2013-07-02, at 4:17 AM, aort...@alu.itba.edu.ar wrote: >>> Given those shortcomings I think is not wise to recommend it unless your >>> enemy doesn't have the resources of a country. That being said, it's the >>> best tool at the moment, lights year ahead of other popular software >>> like >>> Cryptocat, whose end-point security should be considered not only >>> sub-par >>> but dangerous. (who in their right mind will consider browser crypto?) >> >> It's definitely a new field that needs a lot of work. I invite you to >> read: >> >> The paper describing the improvements we're making for browser crypto: >> http://arxiv.org/abs/1306.5156 >> >> My blog post on the improving state of browser crypto implementation: >> http://log.nadim.cc/?p=33 >> >> NK > > Hi! nice to see that improvements are coming. I was reacting to some > papers reporting about Cryptocat being used to defeat evil governments, > etc. IMHO if the FBI can beat TOR, surely they can beat Cryptocat as > well.
Most definitely true. That kind of reporting is really frustrating. Thankfully, it hasn't happened much in the past year, now that we're taking serious efforts on making sure journalists don't run off and misrepresent our work. > > But I don't blame you. I don't think any real-time chat can ever be made > "safe" and by safe I mean anonymous, because of its low-latency nature. > You can have privacy by using OTR and that's good in many situations, but > won't protect you from somebody with enough money to hire techs and put > some taps. The goal is to make private, encrypted chat (using OTR) more accessible to people who would otherwise use something like Facebook chat. There are definitely a lot of issues that come with going for maximum accessibility, and those are the issues we are trying to address or at least improve upon. :-) NK > > And then your users get killed or thrown into prison and then can't report > any bug. Crypto dev is like that :) > > Best regards, > > Alfred > _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
