

Cryptocat security audit results - rst
https://github.com/cryptocat/cryptocat/issues?milestone=23&page=1&state=open

======
daeken
Is there anything public as to methodology, coverage, and other test info? I'd
really like to see how this test was performed and what was achieved during
that time, for curiosity's sake.

------
rfw
Huh, looking at
[https://github.com/cryptocat/cryptocat/issues/581](https://github.com/cryptocat/cryptocat/issues/581):
"Ciphertext retrieval by joining from non-Cryptocat clients" -- isn't that
just expected behavior, or am I missing something here?

~~~
computer
You missed the word "invisibly" -- they can join/watch without showing up in
the Cryptocat client as being present.

~~~
p4bl0
What is the difference between that and someone listening on the network with
a tool such as Wireshark? It may be a little easier to get the ciphered text,
but it doesn't weaken the security in any way.

~~~
Zigurd
It means you don't have to be local enough to capture network traffic.

~~~
p4bl0
Fair point.

------
e12e
I keep confusing this project with the old cryptcat (netcat+twofish
encryption).

[http://cryptcat.sourceforge.net/info.php](http://cryptcat.sourceforge.net/info.php)

