
Cryptocat for iPhone and Android – Call for Review - magikarp
https://blog.crypto.cat/2013/12/cryptocat-for-iphone-call-for-review/?nocache
======
iagooar
You know that using a .cat domain for something not related to Catalan culture
or language is not allowed by the conditions established by ICANN and Fundació
puntCAT?

You have only translated the main page (with Google Translator...) to make it
look like you have some Catalan content there. That's naughty.

"In order to be granted a .cat domain, one needs to belong to the Catalan
linguistic and cultural community on the Internet. A person, organization or
company is considered to belong if they either:[4]

1. already have content in Catalan published online.
2. have access to a special code (sometimes called ENS), issued during special promotions or by agreements with certain institutions.
3. develop activities (in any language) to promote the Catalan culture and language.
4. are endorsed by 3 people or 1 institution already using a .cat domain name."

Read more about it:
[http://en.wikipedia.org/wiki/.cat](http://en.wikipedia.org/wiki/.cat)

~~~
Thiz
I've always wondered what is so special about catalan? Why do they deserve a
special three letter domain nobody else has?

Who should I address a letter to request for the wayuu culture to have a .way
tld?

~~~
iagooar
The thing is, the Catalan community has a very strong presence on the
Internet.

As an example, the Catalan version of Wikipedia currently has +400.000
articles, being the 17th biggest.

To make clear what this means, you have to know that Catalan isn't even under
the 100 most spoken languages worldwide (it has about 7 million speakers). So
there is 1 article for every 17.5 people. Compared to the English version (4.4
million articles, 700 million speakers = 1 article every 159 people), or the
Spanish one (1 million articles, 460 million speakers = 1 article every 460
people!), it is quite impressive.

So why would they want an own .cat domain? Because as a non-independent
country / nationality, they are not allowed to have a two letter domain.
Still, they wanted to be represented on the net so there was the PuntCAT
foundation which did a huge effort in order to obtain the three letter .cat
domain, but as it was sponsored, I imagine that they decided to restrict the
usage of it to websites that have something to do with Catalan culture, or at
least are written in Catalan.

I must say the Catalan culture and political movement is a pretty interesting
topic itself, but I didn't want to make this post political, but rather
interesting for "teh techies".

~~~
MichaelGG
Provinces can get ccTLDs - Taiwan has .tw.

Sponsoring and getting .cat is a pretty cool workaround, though.

~~~
rahimnathwani
Can provinces really get ccTLDs? I thought .tw existed because Taiwan has an
ISO country code:
[http://www.iso.org/iso/country_names_and_code_elements](http://www.iso.org/iso/country_names_and_code_elements)

Having said that, I'm not sure why the UK (whose country code is GB) uses .uk

~~~
MichaelGG
IANA considers .tw to be "Taiwan, Province of China", as does that ISO link.
As I understand, China pretty much bullied everyone else into not recognizing
Taiwan so the rest of the world (like the UN) agrees Taiwan isn't a country.
That's one reason why Microsoft asks for your Region, not country.

There appear to be other ccTLDs like .IO and .AQ that aren't countries.
(Probably more.)

And I'm just being pedantic.

~~~
rahimnathwani
Both IO and AQ are ISO country codes as well. I'm not sure why.

------
pablobaz
Easy to be snarky about this. But I admire their persistence.

In the face of the extensive criticism they could have just given up.

Instead they have acknowledged making mistakes, didn't give up, learnt from
the mistake and changed their subsequent behavior. This is admirable.

~~~
DanBC
Compare them to underground dentists -

Bob has no medical training, but has a dremel and practiced on a pig head. He
offers to do a filling for his pal. He makes a bit of a botch of it, but he
learns from his mistake and carries on. Dentistry is important so it's
admirable that Bob ignores the criticism. Bob's first pal is currently
fighting off a severe infection, but Bob uses that as a learning experience.

Bob will get there one day!

~~~
tcdent
Except, this is software.

My favorite expression when things get heated: "Nobody is going to die."

There are exceptions, of course, but a vast majority of the work we do just
doesn't matter in the context of life and nature.

~~~
sdevlin
> "Nobody is going to die."

This isn't accurate, e.g. [http://cryptome.org/2012/07/chile-comments.htm](http://cryptome.org/2012/07/chile-comments.htm).

Bad crypto is actually much more dangerous than a single rogue dentist.

~~~
tcdent
Bad crypto doesn't kill, people/organizations with a fucked up agenda do.

I thought this past year taught us that no information is safe. To expect that
any system is entirely secure and ever will be is pure egotism.

~~~
sdevlin
Then what's the point?

------
jug6ernaut
I will say from skimming over the source tree the amount of code in
CryptoCat(android) is surprisingly light. This is very refreshing compared to
other chat applications which are unnecessarily huge.

Will be definitely going over this later.

~~~
magikarp
Cryptocat for Android is particularly unfinished so far. I would be surprised
if you _don't_ find bugs inside. Cryptocat for iPhone is currently a lot more
mature, but similarly still needs peer review.

We have a commissioned audit for both apps, but it won't be starting for
another two weeks. Thanks SO MUCH for your interest. We rely on security
enthusiasts for comments and advice.

------
sneak
If your multiparty protocol is actually something you want scrutinized, why
not follow the accepted model and make a c library reference implementation
and release a research paper outlining the basis for your design decisions?

"Hey guys, here's the code, file some bugs for software that is of no use for
you to spend time auditing" is pointless.

Adium has an incentive to read the libotr sources. Every user has a small
incentive to read kernel sources.

Nobody has any meaningful incentives to read the cryptocat homebrew multiparty
cryptosystem except the few you've paid to do so. This is cargo cult peer
review; it looks like you're doing it but it doesn't actually yield the
intended results.

PS: glad to see you switched to OTR for two party. You should have done that
years ago, but at least you wised up in the end. Hopefully nobody got killed
or tortured in the process.

~~~
magikarp
It's true that we don't have a research paper per se for the multiparty
protocol, but we do have a specification document [1] as well as
implementations in Objective-C, Java and JavaScript. The specification, as
well as the implementations, have received both professional audits (from
cryptographers) as well as community audits. The reason we don't have a
research paper published is simply because we're working on one right now — a
redesign of the multiparty protocol based on OTR. We have cryptographers on
board from various Canadian universities and are organizing an internal forum
to get them to collaborate on this. We expect publishable results by June
2014.

Regarding OTR, we actually switched to that 16 months ago — it's not exactly
like we recently wisened up.

[1] [https://github.com/cryptocat/cryptocat/wiki/Multiparty-Proto...](https://github.com/cryptocat/cryptocat/wiki/Multiparty-Protocol-Specification)

~~~
sneak
> as well as implementations in Objective-C, Java and JavaScript.

Factor the ObjC version out to plain C, and call into it from your Objective C
implementation. Make the plain C version the canonical version. (Things like
Emscripten may be useful here for your JS use-case.) This is how libotr does
it, and for good reason.

Then, others can use it, and perhaps you will get meaningful free auditing.
What you're doing now probably won't attract that because unless your bug
bounty is six-figures, nobody competent will spend any significant amount of
time auditing it because they have no incentive to do so.

~~~
magikarp
Everything you've said in your comment is good advice. Once the paper I've
mentioned is ready, we will have this kind of implementation.

------
fosap
And why the hell should I use an app that is written by known people that
have proven they have no clue about crypto? Why shouldn't I use one of the many
apps that support OTR?

~~~
magikarp
Cryptocat's private chat uses OTR. Our group chat function uses an open and
studied multiparty protocol. Generally, our security bugs have been
implementation errors much more than protocol design errors.

Surely, the best we can do as a community project is open up our code for more
volunteers and experts to help and take a look. :-)

~~~
fosap
Great to hear that you switched to older and audited code. Could you explain
what relationship this app has to the javascript version?

~~~
magikarp
There are currently three Cryptocat clients:

* Cryptocat: The original client. It's a signed browser extension that you download and install in your browser. It offers OTR implemented in JavaScript in a friendly chat interface. We take every precaution to make JavaScript more secure, such as using a signed browser extension to prevent code delivery MITM, using native cryptographically secure random number generation, and so on. More info on our JavaScript approach at my personal blog: [http://log.nadim.cc/?p=33](http://log.nadim.cc/?p=33)

* Cryptocat for iPhone: No JavaScript here! This is an app written in Cocoa Touch/Objective-C that implements OTR and our multiparty group chat protocol. It's really quite a simple app compared to what we had to do to put encrypted chat in the browser. It's new and needs review! Find bugs! Help a cool open source project! We'll send you rewards!

* Cryptocat for Android: No JavaScript here! This is an app written in Java that implements OTR and our multiparty group chat protocol. It's really quite a simple app compared to what we had to do to put encrypted chat in the browser. It's new and needs review! Find bugs! Help a cool open source project! We'll send you rewards!

All three clients are made to be 100% inter-operable.

~~~
n3bu
I guess the third one should be the android version.

~~~
magikarp
Derp. Fixed. Thanks!

------
bqe
Glad that they're taking security seriously. It's a sharp difference from how
they used to do things[1]. However, I'd still like to see either an explicit
bug bounty (there's one implied here) or a paid audit.

[1]: [http://blog.cryptographyengineering.com/2013/03/here-come-en...](http://blog.cryptographyengineering.com/2013/03/here-come-encryption-apps.html)

~~~
magikarp
From my perspective, we've been taking security seriously a year+. Our first
commissioned audit was in November 2012, and we've had a bug bounty since then
as well: [https://crypto.cat/bughunt/](https://crypto.cat/bughunt/)

This isn't, of course, to say that there haven't been vulnerabilities. But I
have to stand behind our mitigation and disclosure policy as being very highly
responsible and transparent.

So far, we've had three paid audits, with two more lined up, and regularly
reward community bug-finders. We're planning more competitions for Cryptocat
Mobile in March and April, with prizes such as iPhones and Nexus Phones. :-)

~~~
lemonlimebubble
Hi, I am working on a security-focussed startup. We have a rough cut of our
initial product offering due in the next month and are trying to get initial
trial users and customers on board to help us demonstrate interest.

How do you manage to afford to finance the audits and bug bounties? We have
found that some potential customers want to see us get security audited before
trusting our solution, but from what we can tell this is a multi-hundred
thousand dollar cost and requires us to freeze development while it takes
place. We currently have zero day-to-day budget and runway for 6 months. How
have you afforded it?

~~~
magikarp
> How do you manage to afford to finance the audits and bug bounties?

Public donations from our website and funding from public institutions and
NGOs. Currently, our audits are funded by the Open Technology Fund:
[https://www.opentechfund.org](https://www.opentechfund.org)

Generally, our funding tends to be very limited though, so sometimes we have
to ask someone to do an audit for cheaper than they usually would, seeing as
we're an open source project with no source of revenue.

__EDIT__: Forgot to mention, we have no funding for bug bounties. I pay all
bug bounties out of my own pocket. I don't mind, I feel the money is very
well-spent.

Good luck with your startup!

~~~
lemonlimebubble
Ah, so basically, as a for-profit company aiming at a B2B enterprise product,
we are screwed in this regard until we have the capital to absorb the audit
cost through either revenue or investment. Oh well.

------
utnick
can you give some screenshots or videos of the fingerprint showing mechanism?

My biggest concern with cryptocat is that this info is kind of hidden and not
bubbled up to the user.

In the web version, the way it's handled makes it possible for the server
operator to replace who you are talking to mid-conversation without warning
unless you click a fingerprint button before and after every message you send,
which nobody is going to do.

I know there is an issue for this on the web version (
[https://github.com/cryptocat/cryptocat/issues/463](https://github.com/cryptocat/cryptocat/issues/463)
), just wondering if the mobile ones take a different approach.

------
pikachu_is_cool
How are you guys going to get Cryptocat on the iPhone app store? Apple rejects
GPL-licensed apps.

~~~
aaronharnly
Is that the case? I thought it was more that the GPL rejects distribution on
the App Store.

~~~
pikachu_is_cool
Are you seriously saying that it is the FSF's fault? It's Apple's fault. They
didn't have to make the iPhone a closed platform.

------
diminoten
So there's a DC hackathon[0] taking place this weekend, and Cryptocat is on
the list of projects to work on.

I imagine the Android and iOS apps would be ripe targets for bug finding
adventures, but are there any places specifically that could use the kind of
scrutiny that such an event could provide?

[0] - [http://www.eventbrite.com/e/dc-internet-freedom-hackathon-ti...](http://www.eventbrite.com/e/dc-internet-freedom-hackathon-tickets-9306081741)

~~~
magikarp
Yup! I'm leaving for D.C. tomorrow and will be at that hackathon. Please come
and help!

------
poolpool
Man they are a glutton for punishment.

~~~
magikarp
I like to think that the Cryptocat team and myself have matured beyond the
point where we consider security disclosures to be punishment, but rather
something to be expected when handling a project that wields experimental
technology. We're trying to be adults by adopting principles of full
disclosure, mitigation, transparency, public involvement, and making sure our
process is tweaked to prevent the repetition of past mistakes.

