[cryptography] DeCryptocat

2013-07-04 Thread Silas Cutler
http://tobtu.com/decryptocat.php DecryptoCat v0.1 cracks the ECC public keys generated by Cryptocat versions 1.1.147 through 2.0.41. Cryptocat version 2.0.42 was released Feb 19, 2013 which increased the key space from 2^54

Re: [cryptography] DeCryptocat

2013-07-04 Thread James A. Donald
On 2013-07-05 6:34 AM, Silas Cutler wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 a negative one. > http://tobtu.com/decryptocat.php DecryptoCat v0.1 cracks the ECC public keys generated by Cryptocat versions 1.1.147 through 2.0.41. Cryptocat version 2.0.42

Re: [cryptography] DeCryptocat

2013-07-04 Thread Michael Rogers
On 04/07/13 22:07, James A. Donald wrote: > 106 bits is still far too small. Seems to me that they only > increased it as needed to defeat DecryptoCat, not as needed to > defeat an NSA farm running dedicated special purpose hardware. > > Why not use

Re: [cryptography] DeCryptocat

2013-07-04 Thread James A. Donald
On 2013-07-05 7:18 AM, Michael Rogers wrote: The choice of curve wasn't the problem - they were using Curve25519 but messing up the random number generation. Ah, I see. They have company.

Re: [cryptography] DeCryptocat

2013-07-04 Thread Nadim Kobeissi
Hello everyone, I urge you to read our response at the Cryptocat Development Blog, which strongly clarifies the situation: https://blog.crypto.cat/2013/07/new-critical-vulnerability-in-cryptocat-details/ Thank you, NK On 2013-07-04, at 11:38 PM, James A. Donald wrote: > On 2013-07-05 7:18 AM,

Re: [cryptography] DeCryptocat

2013-07-04 Thread Jacob Appelbaum
Nadim Kobeissi: > Hello everyone, > I urge you to read our response at the Cryptocat Development Blog, which > strongly clarifies the situation: > > https://blog.crypto.cat/2013/07/new-critical-vulnerability-in-cryptocat-details/ > Has there been a rotation of the certificate and keying materia

Re: [cryptography] DeCryptocat

2013-07-04 Thread Nadim Kobeissi
On 2013-07-05, at 3:15 AM, Jacob Appelbaum wrote: > Nadim Kobeissi: >> Hello everyone, >> I urge you to read our response at the Cryptocat Development Blog, which >> strongly clarifies the situation: >> >> https://blog.crypto.cat/2013/07/new-critical-vulnerability-in-cryptocat-details/ >> >

Re: [cryptography] DeCryptocat

2013-07-04 Thread Jacob Appelbaum
Nadim Kobeissi: > > On 2013-07-05, at 3:15 AM, Jacob Appelbaum wrote: > >> Nadim Kobeissi: >>> Hello everyone, >>> I urge you to read our response at the Cryptocat Development Blog, which >>> strongly clarifies the situation: >>> >>> https://blog.crypto.cat/2013/07/new-critical-vulnerability-in

Re: [cryptography] DeCryptocat

2013-07-04 Thread Matthew Green
On Jul 5, 2013, at 12:01 AM, Jacob Appelbaum wrote: > Nadim Kobeissi: >> >> On 2013-07-05, at 3:15 AM, Jacob Appelbaum wrote: >> >>> Nadim Kobeissi: Hello everyone, I urge you to read our response at the Cryptocat Development Blog, which strongly clarifies the situation:

Re: [cryptography] DeCryptocat

2013-07-04 Thread Nadim Kobeissi
On 2013-07-05, at 6:15 AM, Matthew Green wrote: > > > On Jul 5, 2013, at 12:01 AM, Jacob Appelbaum wrote: > >> Nadim Kobeissi: >>> >>> On 2013-07-05, at 3:15 AM, Jacob Appelbaum wrote: >>> Nadim Kobeissi: > Hello everyone, > I urge you to read our response at the Cryptocat De

Re: [cryptography] DeCryptocat

2013-07-04 Thread Cool Hand Luke
On 07/05, Nadim Kobeissi wrote: > On 2013-07-05, at 3:15 AM, Jacob Appelbaum wrote: > > Has there been a rotation of the certificate and keying material for > > all services that serve CryptoCat chat traffic? > > Rest assured we're working on it as

Re: [cryptography] DeCryptocat

2013-07-04 Thread Jacob Appelbaum
Nadim Kobeissi: > > On 2013-07-05, at 6:15 AM, Matthew Green > wrote: > >> >> >> On Jul 5, 2013, at 12:01 AM, Jacob Appelbaum >> wrote: >> >>> Nadim Kobeissi: On 2013-07-05, at 3:15 AM, Jacob Appelbaum wrote: > Nadim Kobeissi: >> Hello everyone, I urge you to r

Re: [cryptography] DeCryptocat

2013-07-04 Thread Nadim Kobeissi
On 2013-07-05, at 6:59 AM, Cool Hand Luke wrote: > Signed PGP part > On 07/05, Nadim Kobeissi wrote: > > On 2013-07-05, at 3:15 AM, Jacob Appelbaum wrote: > > > Has there been a rotation of the certificate and keying material for > > > all services that serve CryptoCat chat traffic? > > > > Re

Re: [cryptography] DeCryptocat

2013-07-04 Thread Peter Gutmann
Nadim Kobeissi writes: >AES-GCM is already prioritized over RC4, but unfortunately most browsers >don't support AES-GCM yet, which is why RC4 remains as the secondary choice. >In the case that AES-GCM is not supported, we use RC4 instead of AES-CBC in >order to mitigate for BEAST. If you have alt

Re: [cryptography] DeCryptocat

2013-07-04 Thread Fabio Pietrosanti (naif)
On 7/5/13 5:29 AM, Nadim Kobeissi wrote: Rest assured we're working on it as an extra precaution (as mentioned in the blog post). Also, our services use SSL forward secrecy. NK What about embedding Tor binary (built as library) within the CryptoCat plugin and abandon internet/SSL issu

Re: [cryptography] DeCryptocat

2013-07-05 Thread Nadim Kobeissi
On 2013-07-05, at 6:14 PM, Douglas Huff wrote: > > On Jul 4, 2013, at 22:09, Jacob Appelbaum wrote: > >> Nadim Kobeissi: >>> ... >>> AES-GCM is already prioritized over RC4, but unfortunately most >>> browsers don't support AES-GCM yet, which is why RC4 remains as the >>> secondary choice. In

Re: [cryptography] DeCryptocat

2013-07-05 Thread Nadim Kobeissi
On 2013-07-05, at 7:09 AM, Jacob Appelbaum wrote: > Nadim Kobeissi: >> >> On 2013-07-05, at 6:15 AM, Matthew Green >> wrote: >> >>> >>> >>> On Jul 5, 2013, at 12:01 AM, Jacob Appelbaum >>> wrote: >>> Nadim Kobeissi: > > On 2013-07-05, at 3:15 AM, Jacob Appelbaum > wrote

Re: [cryptography] DeCryptocat

2013-07-05 Thread Jacob Appelbaum
Nadim Kobeissi: > Sorry, I wasn't meaning to avoid any questions. I simply forgot to > answer them. It's best to assume good will from others on a > discussion list. Glad to hear it. > > I do not know how many users choose forward secret protocols, nor do > I imagine there is a standardized or e

Re: [cryptography] DeCryptocat

2013-07-05 Thread Fabio Pietrosanti (naif)
On 7/5/13 8:34 PM, Jacob Appelbaum wrote: "Module ngx_http_ssl_module supports the following built-in variables: "$ssl_cipher returns the cipher suite being used for the currently established SSL/TLS connection "$ssl_protocol returns the protocol of the currently established SSL/TLS connec