DecryptoCat - Cryptocat is run by people that don't know crypto...

[Teddy Rogers]

DecryptoCat

 

TLDR: If you used Cryptocat from October 17th, 2011 to June 15th, 2013 assume your messages were compromised. Also if you or the person you are talking to has a version from that time span, then assume your messages are being compromised. Lastly I think everyone involved with Cryptocat are incompetent.DecryptoCat v0.1 cracks the ECC public keys generated by Cryptocat versions 1.1.147 through 2.0.41. Cryptocat version 2.0.42 was released Feb 19, 2013 which increased the key space from 2^54.15 to 2^106.3. Decryptocat takes advantage of a meet-in-the-middle attack called baby-step giant-step you can effectively square root the key space. So 2^54.15 turns into 2^27.08 and 2^106.3 to 2^53.15. For Cryptocat versions before 2.0.42, doing a split of 2*10^9 and 10^7 it takes about a day to calculate data needed to crack any key in few minutes. This only requires tens of gigabytes to store. Doing a 2*10^8 and 10^8 split it will take an hour to generate and half an hour to crack any private key with that data. I suggest doing a 2*10^8 and 10^8 split unless you actually have a bunch of captured conversations or you want to test if the people you are talking to have upgraded. For Cryptocat version 2.0.42 this will take 1000 computer-years to generate, 500 computer-years on average to use, and 40 petabytes to store. So the only ones capable of doing this are large companies and governments. If there is a next version I'll probably "steal" some code from curve25519-donna and add support for GPUs.

 

 

http://tobtu.com/decryptocat.php

 

Ted.

[deepzero]

ECC seems to be tricky to implement... (winrar, arma, now cc).

[deepzero]

CC dev blog post:

 

https://blog.crypto.cat/2013/07/new-critical-vulnerability-in-cryptocat-details/

[mrexodia]

yep, typical example of a failed ecc implementation