Regarding user base, this might sound disingenuous, but I very honestly don't care all that much. I think that's how Cryptocat can be most useful right now. The reason for the desktop switch is more related to the fact that I wanted to redirect the project to become a Pidgin replacement. Signal's current desktop application mimics exactly the software development framework used by the previous Cryptocat (2.*). The browser environment has improved dramatically, and, quite frankly I think in small part due to my own early work. The network protocol was awful, though, I'd need to use a better algorithm than randomly connecting to nodes and syncing. It was only 200 or 300 lines of python, but was actually pretty usable. I actually worked on something like this. But that scales horribly, even if you used P2P. (And strip out a key marker telling GPG or w/e which key to use). The important thing would be to sign, THEN encrypt. Most of them will fail, since it's not to them. Everyone else gets the full list of messages sent since they last checked, and tries to decrypt each one of them. Encrypt a message (and sign), and post it publicly. You can have a near-perfect crypto system where both sender and reciever are hidden, message size is padded, and has a random delay and uses tor to hide the IP address (along with the E2E crypto). Padding gets rid of the message size issue and random delays get rid of the timestamp issue (Pick a time between now and 24 hours in the future, send it then). Well, and sender/receiver and timestamp and message size (and IP addresses if the client doesn't use Tor, which it very likely doesn't require). I'm still around answering questions since I browse Reddit once or twice a day anyway. It's a pleasure discussing the software with you. However I'll be happy to take questions (in the uncertain event that this post gets upvoted at all.)Įdit: I want to sincerely thank everyone for the keen interest and worthwhile discussion. It's basically completely different, new software that just shares the name. Major points are that it's no longer browser-centric but rather Pidgin-like desktop software, and that it uses Axolotl. The software is very, very different now from its original incarnation, but I won't explain much here since the website's Security page (and help page/codebase/etc.) already covers most of it. Now that the software has been completely rewritten, it seems fitting to post a second invitation for you all to take a look. This is the forum where I posted something about Cryptocat for the very first time, five years ago. Thanks for flying air /r/netsec || CISO AMA w/ Michael Coates & Rich Mason.r/vrd - Vulnerability Research and Development r/rootkit - Software and hardware rootkits r/REMath - Math behind reverse engineering r/netsecstudents - netsec for noobs students r/Malware - Malware reports and information r/crypto - Cryptography news and discussion We're also on: Twitter, Facebook, & Google + Related Reddits » Our fulltext list of prohibited topics & sources Social No populist news articles (CNN, BBC, FOX, etc.) » Our fulltext discussion guidelines Prohibited Topics & Sources » Our fulltext content guidelines Discussion Guidelinesĭon't complain about content being a PDF.įollow all reddit rules and obey reddiquette. Hiring posts must go in the Hiring Threads. Non-technical posts are subject to moderation. r/netsec only accepts quality technical posts. "Give me root, it's a trust exercise." Featured Posts A community for technical news and discussion of information security and closely related topics.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |