11/7/2022 0 Comments Cryptocat vs torchat![]() ![]() THIS BREAKS COMPATIBILITY WITH PREVIOUS CRYPTOCAT VERSIONS."Įven though this does not break compatibility at all. When they fixed that bug the commit message was: "Fix private key format to match curve25518-donna. So each of those "15 bit integers" were only the values 0 to 9 (3.32 bits).Īlso the least significant 3 bits are zeroed giving you a key space of 2*10^16 (2^54.15). This made the ECC private keys ridiculously small because they passed a string of decimal digits into a function expecting an array of 17, 15 bit integers.Įach character was considered an element in the array. The bug that lasted 347 days was the confusion between a string and an array of integers. They seem to not understand simple programming concepts such as a byte vs a decimal digit character:īoth comments are wrong since "Cryptocat.randomString(64, 0, 0, 1, 0)" generates a string that is 64 decimal digits which is 212.6 bits or 26.6 bytes. There was a bug in the generation of ECC private keys that went unchecked for 347 days. #Cryptocat vs torchat codeIf there is a next version I'll probably "steal" some code from curve25519-donna and add support for GPUs.Ĭryptocat is run by people that don't know crypto, make stupid mistakes, and not enough eyes are looking at their code to find the bugs.Ĭryptographers know the minimums or at least know you should look them up.Ĭryptocat tried PBKDF2, RSA, Diffie-Hellman, and ECC and managed to mess them all up because they used iterations or key sizes less than the minimums. ![]() ![]() So the only ones capable of doing this are large companies and governments. I suggest doing a 2*10^8 and 10^8 split unless you actually have a bunch of captured conversations or you want to test if the people you are talking to have upgraded.įor Cryptocat version 2.0.42 this will take 1000 computer-years to generate, 500 computer-years on average to use, and 40 petabytes to store. #Cryptocat vs torchat crackThis only requires tens of gigabytes to store.ĭoing a 2*10^8 and 10^8 split it will take an hour to generate and half an hour to crack any private key with that data. So 2^54.15 turns into 2^27.08 and 2^106.3 to 2^53.15.įor Cryptocat versions before 2.0.42, doing a split of 2*10^9 and 10^7 it takes about a day to calculate data needed to crack any key in few minutes. that's incompetence.ĭecryptoCat v0.1 cracks the ECC public keys generated by Cryptocat versions 1.1.147 through 2.0.41.Ĭryptocat version 2.0.42 was released which increased the key space from 2^54.15 to 2^106.3.ĭecryptocat takes advantage of a meet-in-the-middle attack called baby-step giant-step you can effectively square root the key space. If you mess up in all the places I cared to check. ![]() I feel bad about calling them incompetent, but it is true. Lastly I think everyone involved with Cryptocat are incompetent. TLDR: If you used group chat in Cryptocat from October 17th, 2011 to June 15th, 2013 assume your messages were compromised.Īlso if you or the person you are talking to has a version from that time span, then assume your messages are being compromised. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |