On 2013-07-05 6:34 AM, Silas Cutler wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
<Sorry, long time lurker, first time poster. Hate my first post to be
a negative one. >
http://tobtu.com/decryptocat.php
<Brief>
DecryptoCat v0.1 cracks the ECC public keys generated by Cryptocat
<https://crypto.cat/> versions 1.1.147 through 2.0.41. Cryptocat
version 2.0.42 was released Feb 19, 2013 which increased the key space
from 2^54.15 to 2^106.3. Decryptocat takes advantage of a
meet-in-the-middle attack called baby-step giant-step you can
effectively square root the key space. So 2^54.15 turns into 2^27.08
and 2^106.3 to 2^53.15. For Cryptocat versions before 2.0.42, doing a
split of 2*10^9 and 10^7 it takes about a day to calculate data needed
to crack any key in few minutes.
tl;dr -If you used Cryptocat from October 17th, 2011 to June 15th,
2013 assume your messages were compromised. Also if you or the person
you are talking to has a version from that time span, then assume your
messages are being compromised.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.19 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
randombit.net/mailman/listinfo/cryptography
106 bits is still far too small. Seems to me that they only increased
it as needed to defeat DecryptoCat, not as needed to defeat an NSA farm
running dedicated special purpose hardware.
Why not use an elliptic curve whose points are, in compressed form,
about 256 bits, which is the size I chose for Crypto Kong, many, many
years ago, when computers were far less powerful. I chose that after
looking at various cracking efforts as the minimum size that I was
pretty sure that the NSA could not beat, then or in the reasonably near
future.
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
