
Wrong, if the Cryptocat server was compromised then the source could be changed to send everything as plaintext or to send the encryption key to a third party.



Free sticker if you can tell the thread an even more plausible vulnerability, where the attacker can't directly change the source code in the .js files, that would be equally fatal to a scheme like this.


A third party can use a carefully crafted ettercap filter to force the user to download an alternate .js file.


They'd need to defeat https first.



