![]() SHA-512 for generating 512-bit message authentication codes, shared secrets and key fingerprints.Curve25519 for Elliptic Curve public key generation.AES-CTR-256 for encryption and decryption.The developers have used the following algorithms and technologies to secure communication between users: Any non leaking VPN or proxy connection should suffice though. The developers suggest TOR to overcome this issue. It also needs to be noted that while chat is encrypted, your IP address is not. While you'd then see the new user in the user list, it may happen that you overlook that at first, or have troubles locating the user if there are lots of users in that chat room. It feels a bit strange that there is no option to password protect a chat room, considering that anyone guessing the name could enter it. Options are available to either chat privately with a select user, or publicly to the whole group of users. You see users who joined it on the right, and the actual messages on the left. The chat room looks like all other chat rooms you may have come across. The service creates an encryption key for you during set up. Instead of having to generate and exchange keys before you can even get started, you simply select the name of a chat room and a user name to connect. ![]() Probably the biggest difference to existing secure communication services is the ease of use with which you can get started. CryptocatĬryptocat, available as a browser extension for Firefox, Google Chrome and Safari, may be that alternative. You may use a desktop program for Windows, Mac or Linux instead, or switch to Cryptodog for Chrome which is a fork of the original extension. As an alternative, nongovernmental organizations could set up their own Cryptocat servers, Kobeissi said.Note: Cryptocat was discontinued in 2016. Tiny packages containing Raspberry Pis and the Cryptocat server software could also be sent to regions in need. He’s also planning to purchase some of the US$25-$35 Raspberry Pi mini-computers under development by the Raspberry Pi Foundation. There already is an add-on application for Google’s Chrome browser, and Kobeissi expects to release native applications for iOS and Android later this year. Kobeissi has plans for quite a few Cryptocat improvements. By using a “.onion” URL for Cryptocat, the Cryptocat server will not know the users’ true IP addresses, Kobeissi said. A user creates a chat session, picks a nickname and then types a random string of characters in order to generate the 256-bit AES encryption keys for the public key cryptography system it uses.Ĭryptocat’s code is open source, and Kobeissi has published details on how its encryption works in order to get feedback from other cryptology specialists.Īs an added security measure, Cryptocat is compatible with TOR (The Onion Router), a worldwide network that make web surfing more anonymous by randomly routing traffic through its servers. First, one of its versions is web-based, so no application has to be downloaded. ![]() The beauty of Cryptocat is its simplicity. OTR must be downloaded, installed and configured, and both parties having a conversation must have it enabled in order for the messages to be encrypted. There are proven encryption technologies for instant messaging, such as PGP (Pretty Good Privacy) and OTR (Off The Record), an add-on encryption program for IM applications such as Pidgin and Adium.īut PGP can be “difficult to use for people who aren’t computer geeks,” Kobeissi said. Messages are encrypted when transmitted, but those conversations are decrypted on the servers running those services, potentially allowing interlopers to record them. Many of those applications implement SSL (Secure Sockets Layer), an encryption protocol that underpins e-commerce transactions. ![]()
0 Comments
Leave a Reply. |