10

I've heard from several people that Crypto Cat has some security flaws. Has anyone performed an analysis of the system and written a whitepaper? I'm curious what the flaws specifically are and what solutions could be implemented to fix them.

Charles Hoskinson
  • 325
  • 1
  • 2
  • 14
  • 2
    A few links for _hors d'oeuvre_: [Public Pentest Report: Cryptocat 2](https://blog.crypto.cat/wp-content/uploads/2012/11/Cryptocat-2-Pentest-Report.pdf), [Bruce Schneier on Criptocat](https://www.schneier.com/blog/archives/2012/08/cryptocat.html) and [When It Comes to Human Rights, There Are No Online Security Shortcuts by Patrick Ball](http://www.wired.com/threatlevel/2012/08/wired_opinion_patrick_ball/all/). Oh, and your question is too broad, please [edit] it to be more specific. Thanks! ;) – TildalWave Jun 09 '13 at 05:14
  • The Schneier link is outdated as they changed their architecture after that post. The pentest paper published on the crytocat site sounds more or less exactly what the question is asking for, though. – tylerl Jun 09 '13 at 05:20
  • @tylerl - Yup the Schneier link is more of a reference point for the links and comments there really. Anyway, _hors d'oeuvre_ means _an appetizer_, my comment was in no way an attempt on answering the question. It's far too broad and I wouldn't know where to start really, short of giving my opinion which probably nobody is interested in anyway. ;) – TildalWave Jun 09 '13 at 05:23
  • 1
    @TildalWave thanks for the French translation; I never could understand those guys. But the second link really does answer the question. The question is, *has anyone performed an analysis of the system* and the answer is *yes: here's the report*. – tylerl Jun 09 '13 at 05:35
  • 1
    @tylerl - Hehe, true that. Problem is, that makes this question then just another one in the long line of the LMGTFY ones. I'll add the answer then, reluctantly. Yey the privilege! :) – TildalWave Jun 09 '13 at 05:43
  • 2
    The issue is that a google search wouldn't yield a peer reviewed answer. Misinformation tends to spread fairly rapidly and I'm glad you spent the time to answer my question. Thank you very much Tidal. – Charles Hoskinson Jun 09 '13 at 07:35
  • 2
    I'd like to direct everyone to here: http://tobtu.com/decryptocat.php where this researcher claims to have broken several years of crypto cat encrpytion: @TildalWave – NULLZ Jul 08 '13 at 03:33
  • @D3C4FF - Wow, I've just read it. The most disturbing to me is the pace at which they were changing underlying crypto, which clearly shows they didn't really know what they were doing (and the research shows it glaringly obvious). Cryptocat 2 is still a lot more secure though, so the analysis presented here still stands. It is far from perfect, which is a lot to expect from a host based security as it is, but at least they started acknowledging urgency of implementing crypto better, if they still don't quite get it spot on. :? – TildalWave Jul 08 '13 at 03:58
  • They are getting better and I have faith in their passion. CC, like all open sourced software, is only as good as the user base and the developer base. It's evolved enormously over the last 12 months and I think the team is starting to understand how to implement crypto like professionals. They still have some learning to endure, but they will get there. – Charles Hoskinson Jul 11 '13 at 16:27

3 Answers3

9

I had a conversation with the lead dev of cryptocat and I figured I should post his email here:

From Nadim Kobeissi

With regards to security, Cryptocat has been audited numerous times by professional security companies. Our latest audit from Veracode gave us a score of 100/00: https://blog.crypto.cat/2013/02/cryptocat-passes-security-audit-with-flying-colors/

There's still work to do seeing as the field of browser cryptography is new, but I'm confident that Cryptocat has impressive security.

I invite you to also check out our codebase: https://github.com/cryptocat/cryptocat/

…and documentation: https://github.com/cryptocat/cryptocat/wiki/

NK

Charles Hoskinson
  • 325
  • 1
  • 2
  • 14
8

Has anyone performed an analysis of the system and written a whitepaper?

Yes, here is the Cure53's Public Pentest Report for Cryptocat 2 (PDF), and this is its conclusion:

Conclusion

Cryptocat 2 has reached a great maturity level in a very short period of time. It is commendable that the development team has proven great expertise in the creation of secure code, despite the complexity of the task at hand. While communication process is critical in the dynamically updated framework of audits (both during the assignment and following its completion), it was exceptionally well-handled in this case, resulting in the discussed issues acquiring almost immediate fixes. Let us illustrate that by saying that on several occasions feedback with successful fix notification has managed to reach us concurrently to follow-up email's preparation!

Nevertheless, the problems we have spotted underline the importance of a well-planned and thoroughly implemented security architecture within browser extensions. One has to be reminded that a vulnerability that causes a rather harmless script execution in the web application context, might turn out to become a detrimental privilege escalation or remote code execution when it is discovered and exploited in a browser extension. Cure53 would like to thank Radio Free Asia, the entire Cryptocat development team and Nadim Kobeissi partciularly, for this challenging and all-round professionally-handled project.

EDIT: I would also like to refer you to this @Adnan's simple yet effective explanation on differences between what Cryptocat used to be, and what's the most essential change in it's trust/security model since moving to Cryptocat 2:

By moving the code to a browser plugin, now you need to trust the source only the first time you download code. Communication still happens between you and the server, encryption and decryption still happens in your browser, the code is still JavaScript and HTML5. The only difference here is that next time you connect to CryptoCat servers, you don't need to trust the code they send you. The code in your browser all the time, you can audit it and check it whenever you want.

Please read the whole answer for better perspective on what's being discussed in that thread, I've only included a short excerpt from it, not wanting to impose on Adnan's own efforts.

TildalWave
  • 10,801
  • 11
  • 46
  • 85
6

The security audits not-withstanding, it turns out that until recently Cryptocat had a major flaw that impacted group chats:

http://www.h-online.com/open/news/item/Cryptocat-s-false-sense-of-security-with-crackable-chats-1911793.html

According to security expert Steve Thomas, [group chat] messages sent via Cryptocat between 17 October 2011 and 15 June 2013 are compromised. The security hole affects all versions of the chat software since 2.0, as the hole was only discovered and closed in version 2.0.42. On his web site, Steve Thomas has a massive go at the software developers.

David
  • 161
  • 3
  • 4
    Supreme audit embarrassment. – Fiasco Labs Jul 07 '13 at 22:11
  • While what Steve discovered was necessary and I'm glad he did. His conduct is shameful and absolutely unnecessary. He attacked the developers for a comment in third party code they accepted as a blackbox. It reflects more on Tom than it does the developers at CC. – Charles Hoskinson Jul 08 '13 at 21:05
  • If you're referring to this: http://tobtu.com/decryptocat.php , I see nothing wrong with Steve Thomas being frank about what he found. That page was useful input to the LeastAuthority security review, which will be published shortly. – Daira Hopwood Feb 17 '14 at 23:55