
What are your thoughts on crypto.cat and do you think a similar poisoning to hushmail is possible with their model?



Crypto.cat seems to be a browser-extension-only model now, which is a lot better. I don't use it and haven't looked at it seriously, so I don't know what kind of auto-updating it does, which would be a problem. Assuming the authors (or someone else in control of their extension-submitting password) wanted to serve malicious code, they'd either need to get users to manually download a "bad" extension, or auto-update. To the extent that the browser vendors can be trusted, this isn't as big a problem -- you couldn't backdoor just a given ephemeral applet, so someone might catch it. OTOH, I think a browser vendor could choose to give a single user a "bad" extension, and could modify it themselves without crypto.cat's involvement, so you can only trust it as much as you trust the weakest of Apple, Microsoft, Google, Mozilla, Crypto.cat, or anyone who can technically or legally compromise any of them.

Crypto.cat internally implements OTR now, so it has forward secrecy. So all of these attacks are around gaining limited access -- to the contents sent using the exploited application.

The old JavaScript version was at risk from Cloudflare, the crypto.cat team, and everyone else. Plus browser exploits. It was horrible. The worst part was the crypto.cat developers responded very...emotionally...to any criticism of their security, which kind of detracted from the whole thing.

This whole "binaries distributed by a third party" model used on mobile and for browsers does expose a lot of problems. Since there isn't a strong cryptographic signature on the binaries linked to a key uniquely controlled by a developer and securely distributed to the end user and verified in something the user can trust, the platform or store vendors (Apple, Microsoft, Google, Mozilla, ...) can pretty much screw users at will. (They can just use a different trusted key to sign the binary.)

The old "distribute source code with PGP signatures or signed hashes of the tarballs" is still the best way to distribute secure software.

My #1 feeling about crypto.cat is extreme envy for the Catalan domain name.
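
An added example, not part of the comment above and not crypto.cat's code: it contrasts the store model (any key in the trust store can vouch for a binary) with verification against a developer key fingerprint the user obtained out of band. A Lamport one-time hash signature stands in for PGP so the sketch runs on the standard library alone; the function names and sample byte strings are constructed for illustration.

```python
import hashlib
import secrets

def H(data):
    return hashlib.sha256(data).digest()

def keygen():
    # Lamport one-time key: 256 pairs of secrets; the public key is their hashes.
    # A real release key would be PGP or similar; one Lamport key signs one artifact.
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]

def bits(digest):
    return [(byte >> (7 - i)) & 1 for byte in digest for i in range(8)]

def sign(sk, artifact):
    # Reveal one secret per bit of the artifact's SHA-256 (the "signed hash").
    return [sk[i][bit] for i, bit in enumerate(bits(H(artifact)))]

def verify(pk, artifact, sig):
    if len(sig) != 256:
        return False
    return all(H(sig[i]) == pk[i][bit] for i, bit in enumerate(bits(H(artifact))))

def fingerprint(pk):
    return H(b"".join(a + b for a, b in pk)).hex()

def store_model_accepts(trusted_keys, artifact, sig):
    # Platform/store model: a valid signature from ANY trusted key is enough.
    return any(verify(pk, artifact, sig) for pk in trusted_keys)

def pinned_model_accepts(pinned_fpr, signer_pk, artifact, sig):
    # Pinned model: the signing key must match the developer fingerprint the
    # user already holds, and the signature must verify under that key.
    return fingerprint(signer_pk) == pinned_fpr and verify(signer_pk, artifact, sig)

def demo():
    dev_sk, dev_pk = keygen()        # key controlled only by the developer
    store_sk, store_pk = keygen()    # a different key the platform also trusts
    release = b"constructed tarball bytes v1.0"
    modified = b"constructed tarball bytes v1.0, altered after the developer"
    pinned = fingerprint(dev_pk)     # assumed to reach the user out of band
    dev_sig, store_sig = sign(dev_sk, release), sign(store_sk, modified)
    trusted = [dev_pk, store_pk]
    return {
        "store_genuine": store_model_accepts(trusted, release, dev_sig),
        "store_resigned": store_model_accepts(trusted, modified, store_sig),
        "pinned_genuine": pinned_model_accepts(pinned, dev_pk, release, dev_sig),
        "pinned_resigned": pinned_model_accepts(pinned, store_pk, modified, store_sig),
        "pinned_tampered": pinned_model_accepts(pinned, dev_pk, modified, dev_sig),
    }
```

The re-signed build passes only under the store model; pinning rejects it because the signing key is not the developer's, and rejects the tampered build because the signed hash no longer matches.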


Thank you very much for the detailed reply, I am glad I asked, I would never have thought of any of that!



