[dead_phish]

I was mostly on board with this, until I saw Crypto-Cat front and center on their 'new projects' page. If anything, it's a step backwards for cryptography. Saying that you're secure and can be trusted, when the underlying model is broken is not a good way to promote 'modern cypherpunk'-ism.

I think there's a heavy dose of self-absorption going on here.

Link to the most recent breakdown on Cryptocat I could find. https://datavibe.net/~sneak/20130717/cryptocat-considered-ha...

[makomk]

Cryptocat is a little better than it used to be, thanks to the developers dropping most of their homebrew crypto and implementing a version of the OTR protocol. Apparently they've even finally implemented authentication using SMP challenges, which was a major usability issue compared to traditional OTR clients. Until very recently, the only way to be sure someone wasn't running a man in the middle attack was to manually compare key hashes over an authenticated channel (and you had to do this every session at one point). The OTR developers had already discovered years earlier that this was enough of a pain that most people didn't bother and developed a more user-friendly alternative, but sadly it involved some fairly exotic crypto that the Cryptocat developers took an age to implement.