"That's why the code is open source," he said. As an alternative, nongovernmental organizations could set up their own Cryptocat servers, Kobeissi said.
#Cryptocat csecurity software
Tiny packages containing Raspberry Pis and the Cryptocat server software could also be sent to regions in need. He's also planning to purchase some of the US$25-$35 Raspberry Pi mini-computers under development by the Raspberry Pi Foundation.
#Cryptocat csecurity android
There already is an add-on application for Google's Chrome browser, and Kobeissi expects to release native applications for iOS and Android later this year. Kobeissi has plans for quite a few Cryptocat improvements. By using a ".onion" URL for Cryptocat, the Cryptocat server will not know the users' true IP addresses, Kobeissi said. But you have to understand that when you tell people to rely on your software for their lives, you better be 100,000 percent sure you know what you are doing."Ĭryptocat's code is open source, and Kobeissi has published details on how its encryption works in order to get feedback from other cryptology specialists.Īs an added security measure, Cryptocat is compatible with TOR (The Onion Router), a worldwide network that make web surfing more anonymous by randomly routing traffic through its servers. "I'll tell activists to use it in maybe five years," Kobeissi said. Still, there are limitations with Cryptocat, mostly because it hasn't been as rigorously tested as PGP and OTR, which have been vetted by the world's best cryptographers, Kobeissi said. Kobeissi has worked other features into the web-based client, including the ability to invite Facebook friends and send encrypted files to another person. Even if an attacker seizes a server running Cryptocat, the conversations would be meaningless and impossible to decrypt. Kobeissi said only recently have web browsers incorporated JavaScript engines powerful enough to use very long encryption keys. The encryption and decryption keys are only stored within a person's Web browser, providing true end-to-end encryption. A user creates a chat session, picks a nickname and then types a random string of characters in order to generate the 256-bit AES encryption keys for the public key cryptography system it uses. First, one of its versions is web-based, so no application has to be downloaded. The beauty of Cryptocat is its simplicity. OTR must be downloaded, installed and configured, and both parties having a conversation must have it enabled in order for the messages to be encrypted. There are proven encryption technologies for instant messaging, such as PGP (Pretty Good Privacy) and OTR (Off The Record), an add-on encryption program for IM applications such as Pidgin and Adium.īut PGP can be "difficult to use for people who aren't computer geeks," Kobeissi said. Messages are encrypted when transmitted, but those conversations are decrypted on the servers running those services, potentially allowing interlopers to record them. Many of those applications implement SSL (Secure Sockets Layer), an encryption protocol that underpins e-commerce transactions. Instant messaging programs are widely used, but there are security issues that make them less than ideal for activists.
0 kommentar(er)
