Cryptocat

Developer(s): Nadim Kobeissi
Initial release: 19 May 2011
Written in: JavaScript, PHP
Operating system: Cross-platform
Type: Secure communication
License: Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported License
Website: crypto.cat

Cryptocat is an open-source web application intended to allow secure, encrypted communication. Cryptocat encrypts chats on the client side and trusts the server only with data that is already encrypted. Cryptocat is served via HTTPS and is also offered as a Google Chrome application that loads its code locally. Cryptocat aims to provide a means for impromptu, encrypted communication that offers more privacy than services such as Google Talk while remaining more accessible than other high-level encryption platforms.

Operation

Cryptocat uses AES for message encryption, 4096-bit Diffie-Hellman-Merkle for key agreement, SHA-2 for fingerprint generation (used for authentication), and HMAC for message integrity verification. Because Cryptocat generates new key pairs for every chat, it implements a form of perfect forward secrecy. Cryptocat also provides a mobile website for use on portable devices such as Android phones, and may be used in conjunction with Tor to anonymize client connection details from the server side.
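The following Node.js sketch is an added example, not Cryptocat's own code, showing how the four primitives named above fit together for one chat: a fresh 4096-bit Diffie-Hellman key pair per participant, a SHA-2 fingerprint of the public key, AES encryption, and an HMAC checked before decryption. The cipher mode (AES-256-CTR), the HKDF key derivation, SHA-256, the `example-chat` label and all function names are assumptions made for the illustration.

```javascript
// Added illustration; not Cryptocat's source. Mode, KDF and hash size are assumptions.
const crypto = require('node:crypto');

// One participant per chat: a fresh key pair in the 4096-bit MODP group (RFC 3526, group 16).
function newParticipant() {
  const dh = crypto.getDiffieHellman('modp16');
  const publicKey = dh.generateKeys();
  return { dh, publicKey };
}

// SHA-2 fingerprint of a public key, compared out of band to authenticate the peer.
function fingerprint(publicKey) {
  return crypto.createHash('sha256').update(publicKey).digest('hex');
}

// Derive separate AES and HMAC keys from the shared secret (HKDF is an assumption).
function sessionKeys(self, peerPublicKey) {
  const secret = self.dh.computeSecret(peerPublicKey);
  const okm = Buffer.from(crypto.hkdfSync('sha256', secret, Buffer.alloc(0), 'example-chat', 64));
  return { encKey: okm.subarray(0, 32), macKey: okm.subarray(32) };
}

// Encrypt-then-MAC: AES-256-CTR, then HMAC-SHA-256 over the IV and ciphertext.
function seal(keys, plaintext) {
  const iv = crypto.randomBytes(16);
  const cipher = crypto.createCipheriv('aes-256-ctr', keys.encKey, iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const tag = crypto.createHmac('sha256', keys.macKey).update(iv).update(ct).digest();
  return { iv, ct, tag };
}

// Verify the HMAC in constant time before decrypting; return null if it does not match.
function unseal(keys, msg) {
  const expected = crypto.createHmac('sha256', keys.macKey).update(msg.iv).update(msg.ct).digest();
  if (msg.tag.length !== expected.length || !crypto.timingSafeEqual(msg.tag, expected)) return null;
  const decipher = crypto.createDecipheriv('aes-256-ctr', keys.encKey, msg.iv);
  return Buffer.concat([decipher.update(msg.ct), decipher.final()]).toString('utf8');
}

// Constructed run: both sides derive the same keys; a flipped ciphertext bit is rejected.
function demo() {
  const alice = newParticipant(), bob = newParticipant();
  const aKeys = sessionKeys(alice, bob.publicKey), bKeys = sessionKeys(bob, alice.publicKey);
  const msg = seal(aKeys, 'hello');
  const tampered = { ...msg, ct: Buffer.from(msg.ct) };
  tampered.ct[0] ^= 1;
  return { ok: unseal(bKeys, msg), bad: unseal(bKeys, tampered), fp: fingerprint(alice.publicKey) };
}
```

Because the key pairs exist only for the lifetime of one chat, discarding them afterwards is what gives the forward-secrecy property described above; the fingerprint only authenticates the peer if the two parties compare it over a separate channel.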

Weaknesses

The web version of Cryptocat, while used over HTTPS, is still susceptible to a server-side code poisoning attack should the server be compromised. This is mitigated by using Cryptocat Chrome, which runs all code locally in a similar fashion to Off-the-Record Messaging. Cryptocat may also inherit vulnerabilities that affect its host web browser.


Wikimedia Foundation. 2010.
