
Crypto expert Steve Thomas claims to have identified a vulnerability that exposes all Cryptocat chats from the period between October 17, 2011, and June 15, 2013. He has even developed a tool, DecryptoCat, to demonstrate his point.

“Cryptocat is run by people that don't know crypto, make stupid mistakes, and not enough eyes are looking at their code to find the bugs,” he said. “I would suggest not using Cryptocat as there's no telling how long it will be until they break their public key encryption.”

However, Cryptocat developers have a totally different version of the story. They say that only Cryptocat versions between 2.0 and 2.0.42 are plagued by the vulnerability. They also highlight the fact that the security hole identified by Thomas can only be used to crack group conversations.

According to Cryptocat developers, the period between versions 2.0 and 2.0.42 covered around 7 months, time in which hackers could have easily cracked group chats via brute force attacks.

Besides addressing the vulnerability found by Thomas, Cryptocat 2.0.42 also implements some changes in how keys are generated, breaking compatibility with previous versions. This is what the notice published at the time looks like: “IMPORTANT: Due to changes to multiparty key generation (in order to be compatible with the upcoming mobile apps), this version of Cryptocat cannot have multiparty conversations with previous versions.

In case you’re using an older variant of Cryptocat, you are advised to update your installation immediately.
