So this just means that it was host based security. Yes this is scary but I believe everything is/was over https. If there is a next version I'll probably "steal" some code from curve25519-donna and add support for GPUs. I suggest doing a 2*10^8 and 10^8 split unless you actually have a bunch of captured conversations or you want to test if the people you are talking to have upgraded. This only requires tens of gigabytes to store.ĭoing a 2*10^8 and 10^8 split it will take an hour to generate and half an hour to crack any private key with that data. So 2^54.15 turns into 2^27.08 and 2^106.3 to 2^53.15.įor Cryptocat versions before 2.0.42, doing a split of 2*10^9 and 10^7 it takes about a day to calculate data needed to crack any key in few minutes. June 15th, 2013 FireFox approves first 2.x version of Cryptocat that is not using short ECDH private keys.ĭecryptoCat v0.1 cracks the group chat ECDH public keys generated by Cryptocat versions 1.1.147 through 2.0.41.Ĭryptocat version 2.0.42 was released which increased the key space from 2^54.15 to 2^106.3.ĭecryptocat takes advantage of a meet-in-the-middle attack called baby-step giant-step you can effectively square root the key space. June 3rd, 2013 I patched ECDH now private keys are uncrackable. May 7th, 2012 ECDH introduced and is broken with DecryptoCat.Īpril 19th, 2013 ECDH is no longer easy to break, but still crackable by governments and large companies. October 17th, 2011 Diffie-Hellman private keys were reduced to crackable. Here is the old post where I was less nice (it is a longer read with a little more detail). You must update Cryptocat to at least 2.1.12 to be safe from known problems. TLDR: If you used group chat in Cryptocat from October 17th, 2011 to June 15th, 2013 assume your messages were compromised.ĭSA is probably broken in one-to-one chat over OTR.TLDR: If you used group chat in Cryptocat from October 17th, 2011 to June 15th, 2013 assume your messages were compromised.ĭSA is probably broken in one-to-one chat over OTR.
0 Comments
Leave a Reply. |