From the "For our technical readers" paragraph, it's unclear what cryptography model you are going for. On the one hand you say that the private key (albeit password protected) is sent to the server after it is generated, but on the other you say that only public key and encrypted data are sent to the server. Is the model fundamentally the same as Lavabit's, which was so devastatingly critiqued a few weeks ago by Moxie Marlinspike? [1]
Separately, how do you deal with the fundamental weakness of browser based security?[2] You say that the software will be open source, but will there be any mechanism to verify that the served javascript libraries on any particular visit match the sources on github? Will there be any minimization / compilation that would make such verification difficult or impossible to accomplish?
Lavabit's model involved sending/receiving cleartext data to/from the server, and you had to trust that the server-side would not store that plaintext. In our model no unencrypted data, except for the public key, is ever sent to the server. All encryption is done inside your browser.
For your second question, all resources for the site, including javascript, are served over SSL. This will prevent about 99% of MITM tampering attacks. While we can't overcome the inherent weakness in SSL, or guarantee against compromise on the server-side, we are working on a browser extension which will check the code you receive from the server against what is in the repository, so you can at least be alerted of any inconsistencies.
And since the website is all open-source, we're going to make it simple to host it yourself, if you want to be extra-sure that it's not compromised.
EDIT: By "website" I'm referring to the frontend, in-browser code
> When you go to Cryptic all files that you receive will be received over SSL. This is to ensure that you’re getting the correct code, and not a version compromised by some attacker.
This is the Lavabit way, I believe. However, it could be solved using a browser extension.
Cryptic will have a browser extension that will automatically verify the received code against a signed hash (also easily verifiable) on the open source repo. It is fundamentally different than Lavabit since everything that interacts with raw data is open source and verifiable. Someone is going to notice if the website is tampered with.
You guys really might want to release a browser extension (and/or native apps) instead of a website. You're going to have a serious uphill battle convincing anyone in the security community that your webapp is secure against tampering. Even with code signing/verification.
Also, open-source it now! I've been in the process of launching something similar (think, client-side encrypted Evernote/Pinterest geared towards programmers/creatives/collaboration) and a lot of the great feedback I've gotten is from people checking out the source. Most of the people who care about the crypto aspects these days are the ones with 1s and 0s running through their heads, at least a good portion. They're going to want to see code.
Thanks! It's been open sourced since conception, here's the repo: https://github.com/cryptic-io/web. We choose a website because it has the smallest barrier of entry. We are planning on releasing a browser extension that would verify the code on the website against the open source repo to prevent tampering. We are planning on making a native app in the future as well.
I'm a happy user of Tarsnap. Why should I consider this solution? Also (playing devil's advocate for a moment) what's the best reason you can give for me to just keep using Tarsnap?
I've never personally used tarsnap so take everything I say with a grain of salt here. But Cryptic offers a much easier experience for the average user, being that it's entirely in-browser and not cli-based. We also give users the ability to share their files with others through the browser, which I don't think is as straightforward with tarsnap.
To play the devil's advocate, if you're already a happy user of tarsnap then you (like me, in fact) are probably quite comfortable on the command-line, and may even prefer it. As of right now Cryptic doesn't have a command-line utility, although building one is definitely on our radar! But until then you may find it more comfortable. Thanks for checking us out though!
Sorry about that, let me try to clear things up:
Cryptic itself is a online file storage, so there is really only the cloud version of Cryptic (for now).
1. The kickstarter is to fund development and servers for the online file storage + web app.
2. Anything client side will be open sourced, and can be self-hosted. You could host the Cryptic site right now locally, and use a local version to interface with cryptic servers.
Separately, how do you deal with the fundamental weakness of browser based security?[2] You say that the software will be open source, but will there be any mechanism to verify that the served javascript libraries on any particular visit match the sources on github? Will there be any minimization / compilation that would make such verification difficult or impossible to accomplish?
[1] http://www.thoughtcrime.org/blog/lavabit-critique/
[2] see e.g. http://www.matasano.com/articles/javascript-cryptography/