Crypto.cat
This is a modal window.
The media could not be loaded, either because the server or network failed or because the format is not supported.
Formal Metadata
| Title |
| |
| Title of Series | ||
| Number of Parts | 90 | |
| Author | ||
| License | CC Attribution 2.0 Belgium: You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor. | |
| Identifiers | 10.5446/40275 (DOI) | |
| Publisher | ||
| Release Date | ||
| Language |
Content Metadata
| Subject Area | ||
| Genre | ||
| Abstract |
|
FOSDEM 201365 / 90
2
5
8
10
12
13
14
15
17
19
21
24
25
28
29
31
32
34
36
39
40
43
44
46
50
51
52
54
55
57
58
62
65
66
67
78
79
87
88
00:00
Thomas KuhnCryptographyNormal (geometry)Open sourceTwitterProjective planeProduct (business)Open sourceSoftwareWeb browserUsabilityEncryptionOnline chatComputer animationLecture/Conference
00:30
Multiplication signInformation securityStaff (military)Projective planeSource codeJSON
01:15
CryptographyRegular graphWeb browserWeb browserPlug-in (computing)EncryptionData conversionSoftwareCryptographyTheory of relativity1 (number)Server (computing)TelecommunicationEndliche ModelltheorieWeb 2.0CASE <Informatik>Information securityGoodness of fitFacebookWindowMathematicsScripting languageOrder (biology)Web pageAutomatic differentiationNeuroinformatikAnalogyOnline chatExpected valueView (database)
04:18
Coma BerenicesInformation privacyGraphical user interfaceCryptographyProjective planeCryptographySoftware testingEncryptionOpen setOnline helpPower (physics)Data conversionComplex (psychology)FingerprintPeer-to-peerLimit (category theory)Video gameWeb browserRight angleBasis <Mathematik>Level (video gaming)Graphical user interfaceEndliche ModelltheorieGoodness of fitSoftware bugStress (mechanics)Service (economics)Term (mathematics)CASE <Informatik>Latent heatCommunications protocolInformation privacyProduct (business)VideoconferencingRegular graphFormal verificationExpert systemFilm editingWorkstation <Musikinstrument>Constructor (object-oriented programming)Control flowTable (information)Sinc functionStudent's t-testReliefWebsiteFeedbackPlug-in (computing)Automatic differentiationVector potentialInformation securityField (computer science)AuthenticationBeat (acoustics)EmailXMLUMLLecture/Conference
12:47
MereologyComputer-assisted translationCovering spaceLecture/Conference
13:02
Endliche ModelltheorieCommunications protocolShooting methodProxy serverPhysical systemAxiom of choiceCovering spaceWater vaporPasswordElectronic mailing listGraph coloringPattern languageLecture/Conference
14:54
Event horizonLecture/Conference
15:10
Web pageData storage deviceCovering spaceRandomizationOrder (biology)Lecture/Conference
15:29
Electronic mailing listFeedbackService (economics)ImplementationEncryptionMoment (mathematics)Right angleData conversionPasswordCommunications protocoloutputInternet forumOnline chatLecture/Conference
Transcript: English(auto-generated)
00:00
Hello, thank you for being here. I'm Kulfi, also known as Daniel Foucault, and I'm presenting CryptoCat. So, CryptoCat is a project created by Nadim Kobeissi, also known as Kaepora, on Twitter. And CryptoCat is, of course, open source software, and it does
00:21
chat room encryption in the browser, and it's focused on usability by non-experienced users, I mean normal people, and it looks like this. So, the question you might ask yourself is, why CryptoCat? Why do we need something new? In the security community, we don't like new things very much, because we like using proven stuff,
00:45
stuff that has been proven to work, and is known for years. Every time someone comes with a new project, new idea, we always must ask ourselves, do we need something new, or can we do it with the existing stuff, can we avoid making new things that will have new mistakes, and fall into pitfalls, and
01:06
make everything look bad. So, why do we need CryptoCat? Because right now, we have OTR. OTR is great, it works perfectly. So, why do we need something else than OTR? So, first, OTR doesn't do chat rooms. So, that means that OTR can only do
01:21
one-on-one conversations. You can only have a secure communication with one other person. And it looks like a very tiny problem, that's something important, but in fact, the use cases we are seeing nowadays is that communities need to have secure communications. Not only a pair of individuals,
01:43
but communities. And we cannot ask for everyone to have 15 windows open to talk with 15 other people, and try to have a working organization like that. It doesn't work. It's not realistic. So, we need something that works in a chat room. We need to bring
02:02
encryption to communities. Not only to individuals, but to communities. And the other big problem, there is right now, is that we have great tools. We have very good cryptography, but people still use Google Gtalk, people still use Skype, people still use Facebook chat, and
02:20
people get spied on because of that. They get arrested, some people get killed because they use those solutions. We have some answers to those problems, but they are not used. And cryptography cannot work if it's not used. So, Cryptocat is trying to fix both problems. So, how will it do it?
02:42
First, Cryptocat works in a browser. It's a browser plugin, but it works in a browser that takes care of a few problems. The first one being a multi-platform. Another one is that everyone who wants to have secure conversations already has most of the software in his computer, because nowadays everyone has a browser.
03:06
You only need to fetch the plugin, but most of the browser, you have it already. Another thing is, I don't know if any of you have tried to convince his loved ones and relatives to stop using Facebook chat and start using PG and GT or anything that can use OTR only
03:24
for you, and always with you, and don't use anything else with you. It doesn't work. You will lose a lot of friends. So, at least with a browser plugin, we don't need people to change all their habits, because they will not do it if it's too hard.
03:41
Another thing is that it's a browser plugin approach. At first, Cryptocat used JavaScript served by the server in a web page, and it turns out it was a terrible idea. Terrible, terrible idea. Basically, it completely breaks the threat model of Cryptocat, and we cannot expect to have security with that approach.
04:03
Nadim would say that currently a browser are not ready for JavaScript encryption. That's another debate. And, of course, just because it's proven to be broken and just because it doesn't work doesn't mean a big company software will try to implement it and claim it is secure.
04:21
Sorry. Next, it's eye candy. That's a very big issue. We need it to be eye candy, because people should not fear the powerful tools we give to them. People will not use PG or anything that has complicated fingerprints and search. When people
04:40
understand what they use and to feel confident what they use, they do not overcrowd them with features and buttons. They need to get right to the features, and it has to be beautiful to be used. In terms of a regular XMPP, so nothing new there, nothing complicated. It works, so
05:00
we use it. And it has a multi-party encryption protocol. That is what Cryptocat brings to the table. It's loosely based on OTR, but it's not OTR, so do not expect to have possible deniability. We don't have it yet. We may have it in the future, but right now it's not there. But yeah, because OTR is such a great protocol, we try to
05:21
use a specification as a model and to make it look like OTR, because it's a good basis. And, of course, when you want in a chat room to have a private conversation with one person, we use a regular OTR. Because it works, and there is no need to make to reinvent the wheel, and
05:42
there is no reason not to. So what does the project need right now? So, of course, we need testing by people who need cryptography, JavaScript, anything that the project uses for obvious reasons. And for less obvious reasons, we need testers that have no idea
06:01
what encryption is, what JavaScript is, what the browser is. The most uneducated, they are the best. That's simply because the people we are targeting are those people. Not the power users, not me, not probably you. Because we already have,
06:21
we know how to use cryptographic tools. We need other people to use them, and for that we need Cryptocat to fit their needs. And when regular testers like us give feedback, we do not see that things are not obvious. We do not see what other people might miss, what they might need, and we are not objective.
06:43
So we need real people who really don't know about that, who are not used to secure conversations, to do that, and to give us feedback to tell us, I didn't know what the fingerprint was, it wasn't clear enough, I didn't find the fingerprints, it didn't pop up good enough, that is missing, this command, I didn't know it existed. We need to fix that, because it's their needs we need to address, not ours.
07:06
It's their needs. We also need a lot of research on multiparty chatroom encryption, because it's something that's relatively new. It's a new field, and there isn't nearly enough research on it.
07:22
They may, and there will be, non-obvious implications on doing multiparty chatroom encryption. It adds a lot of complexity to what you can expect, to how we do encryption, how we do authentication, and such. So we really need academic research to be done on that field, to know what are the limitations
07:45
of what we are doing, and what you can expect, what you cannot expect, and if it's at all possible to do in a secure manner. We need peer review, of course. That's another debate, because to me, peer review in the cryptography community is basically broken.
08:01
There are a few projects to unbreak it from cryptodotis, check it out. But yeah, we need it, we need to bring peer review, because it doesn't happen on itself. And currently, Cryptocat, another project, do not have nearly enough peer review, even if they look popular, even if a lot of people use it. Experts and such do not
08:21
review it as they should, as we want them to do it. So we need people to come in and read the specification, read the code, because there is a lot of things we are missing, we may miss, and we will miss. And yeah, we need peer review, and it doesn't happen just because of popularity.
08:41
The peer review also helps with finding flaws and improvements to make, and to implement those improvements, we need coding hands. So we need people who know JavaScript, who are used to browser plugins, who are used to encryption, because there are a lot of things we already identified, but haven't fixed yet because of lack of
09:02
coding hands. And we need more testing, because there will never be enough testing. There will always be a bug that we missed, and we need a lot of testers. So, public service announcement, rapidly. Please, please, please, please, please, I cannot stress this enough, don't let the GUI mislead you. It's beautiful right now, because Nadeem
09:25
likes 8-bit stuff, he's very good at making things look good, but it may look like a finished product, but it is not. It's still a very young protocol, it's still in early age, early stages,
09:41
and it cannot be considered ready for life in these situations. It may look like a very, very slick project, that's already working, that already does everything right, but believe me, it's not the case. Right now, we cannot consider it safe for life in this scenario. So if you, if something goes wrong, and
10:03
all the encryption breaks, and nothing gets encrypted, if in that case you are in danger, please don't use CritoCAD. But, the good news is, it's it's not that bad, actually. It's ready for the everyday privacy, so with your friends, with communities, lesbian and gay communities,
10:25
but just don't use it when your adversary may kill you, may imprison you, or for very, in very serious situations, just use it. We need people to use it, so please use it, don't prevent from using it.
10:40
But if it's a very dangerous situation, please use something else, or go back to OTR, or things that are very finished, and reviewed, and proven, because CritoCAD is not yet that product. But, nevertheless, it's a very good project, and it has a lot of potential,
11:02
and maybe, with your help, we can achieve that level of security, of being proven, and maybe one day it may be a very useful tool for life in this situation, maybe one day it will be ready for that, and then maybe one day it will change something in the field, but
11:23
we need people, and we need help to achieve that goal, and the more people come, the earlier we are ready for those situations. So, please come join us. Here is the website, the specification, threat model, the IRC channel, the GitHub,
11:40
please open issues, be it for bugs, improvements, proposals, everything that's useful, we need your help, and even just opening a debate, opening a conversation, if do you think that's good, that's bad, just open a debate, it's a really great help, because other people will join in, and the
12:03
conversation will go on, and very useful stuff usually comes out of those debates. Yes, please come join us. If you want to twirl with me, I will be outside, either in the corridor or in the cold, and please come twirl me, be it for criticism, be it constructive or not, twirling, suggestions, comments, and there.
12:28
And if you have questions, we have three minutes for a small Q&A session. Really? Ouch. Would someone have a question? Okay.
12:43
You're running fast. Small questions, I really like CryptoCats, even if I'm coming from the crypto part and so on, but are you working on specifically on the covert channel part, because I think
13:00
of the covert channel, the covert channel, so are you yeah Mm-hmm Okay The thing is, right now, we have to choose those choices. We need to discuss whether we want for example, a public list of channels and
13:23
passwords to enter channels or not. I'm talking about hiding the protocol inside another protocol. Yeah, so for example, the thing is, a lot of those protocols are detected by, if you, for example, use this protocol in Iran or in Israel, whatever, you get intercepted and you get detected because the protocol has a specific pattern.
13:44
You can, for example, use CryptoCats over Tor. That would be useful. But you know, Tor is blocked in some countries. Yeah, but there is the OBFS proxy system that obfuscates the Tor protocol, so there is a lot of work in Tor to make it
14:00
pass through every sensor chip, every filtering, so my advice would be to use CryptoCats over Tor. Anything you want to be covered by a protocol, use Tor. So you will use a different protocol for doing the covering of your protocol? Yeah, it's not in the CryptoCats threat model to take care of that problem. It should be
14:23
Tor does it well, and I don't think CryptoCats should really obfuscate itself right now. Okay, thank you. Keep it simple.
14:44
Another question? Just as an example of a covert channel that might be interesting to attack, you're trying to, obviously you're trying to hide what people are talking about,
15:03
but if you look at the traffic and see that they always talk, they're always active on days following certain events, then you can make a guess about what they're talking about. So then you might want to be able to cover things like that. For that you can use Tor every day, and each day
15:22
you browse random pages or use Tor for everything. But then do you need this at all if you use Tor? That's an interesting question, but yeah, you could implement chatroom encryption with Tor hidden services. Some people have tried that, but
15:43
yeah, it's another approach. It may work, it may not. The cool thing about CryptoCats is that it relies on XMPP, so you don't need to set up a Tor hidden service and search to make it work. It just takes a few moments to keep it simple, stupid, and
16:01
if there is a real need to completely change the CryptoCat protocol, why not? But right now until there is a reason to, a good reason to make it more complicated, we keep it simple. There was a question right there, I think. Sir? He raised his hand twice, but I think he had a question. No?
16:25
Is he ignoring me? Hello? You had a question? You, yeah? You? Do you have a question or not? You're kidding me.
16:43
Will you allow futures like using passwords to join a chatroom? Yeah, that's what, that's what I thought was the first question. That's a good question. We are thinking about it, but the thing is we don't know yet if we should use the name of the conversation as a
17:04
password like some pastebin does. If there should be a password in there to enter the chat, how do we set it up? Who manages this password? So there are several ways to achieve that and we're not focused on the one right now. I have an idea, but
17:21
we have to discuss it. Before we implement stuff, we need to discuss it because people should give feedback and maybe our ideas are very stupid and people should tell us it's stupid. So right now we haven't decided of a way to do it yet, but it's something we need to do. The thing is, the name of the chatroom is one thing, but you can basically just look at every name and
17:44
exactly. Right now, you cannot list the exact, you cannot make a list of all the chatrooms and that's that. But yeah, we need to improve that and we need to find a system and if you have inputs or idea, please come, open an issue ticket. I think there is one open for that. If not, open it and open the debates. We need it.