Forbes
Monday, July 30, 2012
http://www.forbes.com/sites/jonmatonis/2012/07/30/cryptocat-increases-security-in-move-away-from-javascript-encryption/
Announced over the weekend, encrypted chat service Cryptocat will soon be accessible only by downloading a local browser extension for Mozilla Firefox and Google Chrome. Beta release date for version 2 is currently set for August 18th.
This major revision highlights an important and ongoing debate in the market for secure privacy-related software applications. Should convenient usability for a broad non-techie demographic trump increased tech-savvy security in a world of imperfect and varying threat models? Responding to feedback from the security and cryptography communities, developer Nadim Kobeissi justifies the modifications from web-based app to installed client in the Cryptocat blog,
"We understand that pushing this change strongly lowers immediate accessibility to those who don’t have the Chrome or Firefox extension installed, but we do believe that the security benefits outweigh the accessibility disadvantages in this case. Installing a Chrome or Firefox extension is a one-minute process in most cases and affords the user protection against a variety of threats."This is a positive step especially if the original extension download is from a known, trusted source and/or verified against a strong cryptographic hash function. But herein lies the heart of the problem, because the entire web security architecture rests upon the integrity of the embedded SSL certificate authority (CA) system. The existing presumption, correct or not, is that original downloads occur in a relatively safer network environment than recurring usage. Today, there is no total solution -- only the striking of a satisfactory balance. At the far end of the security spectrum, end users ideally would verify original download against hashes that were published or distributed in offline fashion. But does that introduce too much complexity for the average web surfer? What good are cryptography and security tools if they're not used?
Since the temporary detainment of Kobeissi at the U.S. border in June of this year, the Cryptocat application has been more publicly visible. With this increased scrutiny comes a renewed focus on overall security as Cryptocat continues to move beyond experimental phase.
The Cryptocat Project has always stated that, with its encrypted instant messaging, it does not protect you against hardware or software keyloggers and that it does not anonymize you by default. Although they do offer a Tor hidden service at xdtfje3c46d2dnjd.onion for anonymization.
They have also cautioned chat users about potential threats to the web-based version. Also, client-side JavaScript encryption has its limitations since it would still be susceptible to a server-side code poisoning attack executed either through a man-in-the-middle attack or the service provider acting maliciously or subject to jurisdictional court order. This existing vulnerability was the driving factor behind the above modifications as browser-based crypto is not seen as sufficient protection from determined State-level actors.
The Cryptocat 2 beta release will deploy transparently as an XMPP client with Off-the-Record Messaging (OTR) encryption protocol requiring username and password at log in (although it's not clear yet if XMPP account will be retained on server). According to Kobeissi, "We understand that the requirement of a username and password destroys the capacity to use Cryptocat to set up instant chat rooms, but we also believe that standardizing Cryptocat into an XMPP client is worth it." The industry standard OTR protocol was chosen for its security and interoperability with other XMPP clients, such as Pidgin and Adium.
Privacy advocates should welcome these fundamental enhancements. I also applaud the fact that Cryptocat drives the effort for the first working multi-party OTR specification and that they are developing native Cryptocat applications for mobile, including iOS, Android, and BlackBerry.
[Note: Many writers have associated Javascript cryptography to refer to 'browser Javascript' by default. Please see http://www.matasano.com/articles/javascript-cryptography/ ]
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.