Patrick Mylund Nielsen:
> On Tue, Jul 9, 2013 at 9:22 AM, Eugen Leitl <[email protected]> wrote:
>
>> On Tue, Jul 09, 2013 at 09:12:21AM -0400, Patrick Mylund Nielsen wrote:
>>> If it's so easy, go ahead and produce a more secure alternative that
>>> people
>>
>> You mean something like http://dee.su/ ?
>>
>> And http://dee.su/cables ?
>>
>
> No, I mean an alternative to Cryptocat (i.e. an OTR client with multiparty
> communication) that is more secure, and as easy to use.
>

While Cryptocat has OTR - the multi-party communication is not the OTR protocol.

Cables is as easy to use as email. Generally it is used with an email client. If you boot liberte - there is little to no configuration beyond establishing communication and verifying that you've done so correctly. Once that is done, you do not need to do it again - a key defense against active attackers.

As I understand things this critical step (verification and persistence, or merely verification in a usable manner) cannot be done in CryptoCat at the moment. Active attackers will win against everyone without verification.

The last bug ensured that *passive* attackers won against everyone on the main server and they would also win against everyone not using forward secret TLS modes. As I understand, we do not have numbers on how many users are using the less secure TLS modes.

Please read this page:

https://www.ssllabs.com/ssltest/analyze.html?d=crypto.cat

On three computers near me, I see it using non-forward secret modes today - SSL_RSA_WITH_RC4_128_SHA - this isn't good news. This also means that if CryptoCat's security may be reduced to SSL, it is now possible to reduce that to plaintext by forcing disclosure of the current website's key. This may happen legally or it may happen through exploitation.

I'm not sure why CryptoCat doesn't just exclusively offer everything with forward secret modes, and encourage everyone else to upgrade their browser when they use a less secure mode? I suggested this to Nadim on another mailing list, I'm not sure if he is working on this already? Perhaps so? I hope so...

In any case, "more secure than CryptoCat" is not a high bar during the time of this bug. Any CA could have subverted the very little security provided by the web browser trust model. Also the security provided by non-forward secret TLS connections is a really serious problem.

If you mean "as easy to use" as a plugin in a browser and that it can be as secure as just chatting over HTTPS protected servers without any other security, I think that the requirement is not proportional. Usability is absolutely critical - but we're not looking to build usable software without any security - if we were, we'd all be using Facetime, Skype, GChat and so on, without any complaints.

All the best,
Jacob
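
Added example, not part of the original message: one way a server operator could get the missing numbers on non-forward-secret TLS modes by classifying the negotiated cipher suite recorded per connection. The log format, the sample lines and all function names are assumptions made for illustration.

```python
import re
from collections import Counter

# Key-exchange tokens meaning authenticated ephemeral Diffie-Hellman.
EPHEMERAL = {"DHE", "ECDHE", "EDH"}
# Other key-exchange tokens that can lead an OpenSSL-style suite name.
STATIC = {"RSA", "DH", "ECDH", "PSK", "SRP"}

def key_exchange(suite: str) -> str:
    """Key-exchange token of an IANA/Java-style or OpenSSL-style suite name."""
    name = suite.strip().upper()
    if name.startswith(("TLS_AES_", "TLS_CHACHA20_")):
        # TLS 1.3 suite: key exchange is negotiated separately and is
        # (EC)DHE except in PSK-only resumption.
        return "TLS13"
    if name.startswith(("TLS_", "SSL_")):
        prefix = name.split("_WITH_")[0]       # e.g. SSL_RSA, TLS_ECDHE_RSA
        return "ANON" if "_ANON" in prefix else prefix.split("_")[1]
    first = name.split("-")[0]
    if first in ("ADH", "AECDH"):              # anonymous, unauthenticated
        return "ANON"
    # OpenSSL omits the token for static RSA key exchange (e.g. RC4-SHA).
    return first if first in EPHEMERAL | STATIC else "RSA"

def is_forward_secret(suite: str) -> bool:
    """True only for authenticated ephemeral key exchange."""
    return key_exchange(suite) in EPHEMERAL | {"TLS13"}

def audit(log: str):
    """Return (tally, offenders) for lines of the form client=... suite=..."""
    tally, offenders = Counter(), []
    for client, suite in re.findall(r"client=(\S+)\s+suite=(\S+)", log):
        if is_forward_secret(suite):
            tally["forward_secret"] += 1
        else:
            tally["not_forward_secret"] += 1
            offenders.append((client, suite))
    return tally, offenders

# Constructed sample log lines (addresses are documentation-range values).
SAMPLE_LOG = """\
client=198.51.100.7 suite=SSL_RSA_WITH_RC4_128_SHA
client=198.51.100.8 suite=ECDHE-RSA-AES128-GCM-SHA256
client=198.51.100.9 suite=RC4-SHA
client=198.51.100.10 suite=TLS_DHE_RSA_WITH_AES_256_CBC_SHA
client=198.51.100.11 suite=TLS_AES_128_GCM_SHA256
"""

if __name__ == "__main__":
    counts, weak = audit(SAMPLE_LOG)
    print(dict(counts))
    for client, suite in weak:
        print("no forward secrecy:", client, suite)
```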
