On 2013-07-09, at 10:29 AM, Jacob Appelbaum <[email protected]> wrote:
> Patrick Mylund Nielsen:
>> On Tue, Jul 9, 2013 at 9:22 AM, Eugen Leitl <[email protected]> wrote:
>>
>>> On Tue, Jul 09, 2013 at 09:12:21AM -0400, Patrick Mylund Nielsen wrote:
>>>> If it's so easy, go ahead and produce a more secure alternative that people
>>>
>>> You mean something like http://dee.su/ ?
>>>
>>> And http://dee.su/cables ?
>>>
>>
>> No, I mean an alternative to Cryptocat (i.e. an OTR client with multiparty
>> communication) that is more secure, and as easy to use.
>>
>
> While Cryptocat has OTR - the multi-party communication is not the OTR
> protocol.
>
> Cables is as easy to use as email. Generally it is used with an email
> client.
>
> If you boot liberte - there is little to no configuration beyond
> establishing communication and verifying that you've done so correctly.
> Once that is done, you do not need to do it again - a key defense
> against active attackers. As I understand things this critical step
> (verification and persistence, or merely verification in a usable
> manner) cannot be done in CryptoCat at the moment. Active attackers will
> win against everyone without verification. The last bug ensured that
> *passive* attackers won against everyone on the main server and they
> would also win against everyone not using forward secret TLS modes. As I
> understand, we do not have numbers on how many users are using the less
> secure TLS modes.
>
> Please read this page:
>
> https://www.ssllabs.com/ssltest/analyze.html?d=crypto.cat
>
> On three computers near me, I see it using non-forward secret modes
> today - SSL_RSA_WITH_RC4_128_SHA - this isn't good news.

Hi Jacob,
You've said a lot about Cryptocat's SSL configuration — can you recommend a better configuration that is similarly compatible?

Thanks,
NK

>
> This also means that if CryptoCat's security may be reduced to SSL, it
> is now possible to reduce that to plaintext by forcing disclosure of the
> current website's key. This may happen legally or it may happen through
> exploitation. I'm not sure why CryptoCat doesn't just exclusively offer
> everything with forward secret modes, and encourage everyone else to
> upgrade their browser when they use a less secure mode? I suggested this
> to Nadim on another mailing list, I'm not sure if he is working on this
> already? Perhaps so? I hope so...
>
> In any case, "more secure than CryptoCat" is not a high bar during the
> time of this bug. Any CA could have subverted the very little security
> provided the web browser trust model. Also the security provided by
> non-forward secret TLS connections is a really serious problem.
>
> If you mean "as easy to use" as a plugin in a browser and that it can be
> as secure as just chatting over HTTPS protected servers without any
> other security, I think that the requirement is not proportional.
>
> Usability is absolutely critical - but we're not looking to build usable
> software without any security - if we were, we'd all be using Facetime,
> Skype, GChat and so on, without any complaints.
>
> All the best,
> Jacob
> --
> Too many emails? Unsubscribe, change to digest, or change password by
> emailing moderator at [email protected] or changing your settings at
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
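
An added example, not part of the thread and not Cryptocat's code: a check an operator could run over cipher suite names taken from a scan report or handshake log, to see which ones lack the forward secrecy discussed above for SSL_RSA_WITH_RC4_128_SHA. The sample list is constructed and the function names are hypothetical; static and anonymous (EC)DH suites are counted as failing, and the RC4 flag goes beyond the forward-secrecy point.

```python
import re

# Ephemeral (EC)DH key-exchange tokens: these give forward secrecy.
EPHEMERAL = {"DHE", "ECDHE", "EDH"}
# Other key-exchange prefixes OpenSSL spells out; a name with none is static RSA.
OTHER_KX = {"DH", "ECDH", "ADH", "AECDH", "PSK", "SRP", "RSA"}
# TLS 1.3 names carry no key exchange; full handshakes always use (EC)DHE.
TLS13 = re.compile(r"^TLS_(AES|CHACHA20)_")


def key_exchange(suite):
    """Return the key-exchange token of an IANA/JSSE or OpenSSL suite name."""
    if TLS13.match(suite):
        return "TLS1.3"
    if "_WITH_" in suite:            # IANA/JSSE: TLS_ECDHE_RSA_WITH_...
        return suite.split("_WITH_")[0].split("_")[1]
    first = suite.split("-")[0]      # OpenSSL: ECDHE-RSA-AES128-SHA, RC4-SHA
    return first if first in EPHEMERAL | OTHER_KX else "RSA"


def audit(suites):
    """Map each suite name to its findings; an empty list means it passes."""
    report = {}
    for suite in suites:
        kx, findings = key_exchange(suite), []
        if kx not in EPHEMERAL and kx != "TLS1.3":
            findings.append(f"no forward secrecy (key exchange: {kx})")
        if "RC4" in suite.upper():   # RC4 is prohibited for TLS by RFC 7465
            findings.append("RC4 bulk cipher")
        report[suite] = findings
    return report


# Constructed sample: the suite named in the thread plus a few others.
OBSERVED = [
    "SSL_RSA_WITH_RC4_128_SHA",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
    "ECDHE-RSA-RC4-SHA",
    "AES128-SHA",
    "TLS_AES_128_GCM_SHA256",
]

if __name__ == "__main__":
    for suite, findings in audit(OBSERVED).items():
        print(f"{suite:40} {'; '.join(findings) or 'ok'}")
```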
