Nadim,
The only major difference I see (assuming you're asking about the
product and not the threats Cooper lays out) is the persistence. It
appears you can set up projects and store encrypted data on their
servers. This certainly opens you up to other threats but I don't see it
serving the same market as CryptoCat, namely it's going after a business
audience that just doesn't want Google having all their files/chats/etc
in the clear on some server somewhere whereas my take on CryptoCat is
that it facilitates secure non-persistent multiparty chat.
Oh, and the two factor authentication is interesting for login is
interesting.
Jason
On 3/22/2013 5:03 PM, Nadim Kobeissi wrote:
How is this any different from Cryptocat?
NK
On Fri, Mar 22, 2013 at 4:59 PM, Cooper Quintin
<coo...@radicaldesigns.org <mailto:coo...@radicaldesigns.org>> wrote:
I had a chance to try out crypho a couple of weeks ago at a demo they
put on at noisebridge. I have some concerns about it, namely the
delivery of crypto code over javascript without any sort of
verification
of it's authenticity (via browser plugin, etc.), since this point has
already been discussed to death on this list however, I do not wish to
re-open that debate.
I managed to find a couple of javascript injection attacks in the beta
already, though the developer assures me that they are working on
fixing
all the bugs right now, still the lack of attention to basic web
security at such an early stage is concerning.
That aside it seems okay, though I have some worries about side
channel
attacks and the fact that it hasn't been peer reviewed as far as I can
tell yet.
It does seem like an interesting project though, with some smart
people
behind it. I am looking forward to seeing the code once they open
source it.
Cooper Quintin
PGP Key ID: 75FB 9347 FA4B 22A0 5068 080B D0EA 7B6F F0AF E2CA
On 03/22/2013 01:48 PM, R. Jason Cronk wrote:
> Anybody know the people who are doing this? http://www.crypho.com/
>
> It's still in beta, so I'm assuming they are working out bugs
prior to
> releasing the code which they say they will do. See
> http://www.crypho.com/faq.html
>
>
> Is it Open-Source?
>
> Yes! We are reviewing the source code for release. It will be
> available under an OSI approved license in the near future.
>
>
>
>
>
> *R. Jason Cronk, Esq., CIPP/US*
> /Privacy Engineering Consultant/, *Enterprivacy Consulting Group*
> <enterprivacy.com <http://enterprivacy.com>>
>
> * phone: (828) 4RJCESQ
> * twitter: @privacymaverick.com <http://privacymaverick.com>
> * blog: http://blog.privacymaverick.com
>
>
>
> --
> Too many emails? Unsubscribe, change to digest, or change
password by emailing moderator at compa...@stanford.edu
<mailto:compa...@stanford.edu> or changing your settings at
https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
--
Too many emails? Unsubscribe, change to digest, or change password
by emailing moderator at compa...@stanford.edu
<mailto:compa...@stanford.edu> or changing your settings at
https://mailman.stanford.edu/mailman/listinfo/liberationtech
--
Too many emails? Unsubscribe, change to digest, or change password by emailing
moderator at compa...@stanford.edu or changing your settings at
https://mailman.stanford.edu/mailman/listinfo/liberationtech
*R. Jason Cronk, Esq., CIPP/US*
/Privacy Engineering Consultant/, *Enterprivacy Consulting Group*
<enterprivacy.com>
* phone: (828) 4RJCESQ
* twitter: @privacymaverick.com
* blog: http://blog.privacymaverick.com
--
Too many emails? Unsubscribe, change to digest, or change password by emailing
moderator at compa...@stanford.edu or changing your settings at
https://mailman.stanford.edu/mailman/listinfo/liberationtech
