by magikarp 4540 days ago
Cryptocat's private chat uses OTR. Our group chat function uses an open and studied multiparty protocol. Generally, our security bugs have been implementation errors much more than protocol design errors.

Surely, the best we can do as a community project is open up our code for more volunteers and experts to help and take a look. :-)

2 comments

It's fine that you have faith in your product, but I will believe what you say when other people outside the project confirm it; otherwise it's just marketing.

I do not use GnuPG because the creators say it's nice; I use it because everybody, including their competitors, says it's OK.

Great to hear that you switched to older and audited code. Could you explain what relationship this app has to the JavaScript version?
There are currently three Cryptocat clients:

* Cryptocat: The original client. It's a signed browser extension that you download and install in your browser. It offers OTR implemented in JavaScript in a friendly chat interface. We take every precaution to make JavaScript more secure, such as using a signed browser extension to prevent code delivery MITM, using native cryptographically secure random number generation, and so on. More info on our JavaScript approach at my personal blog: http://log.nadim.cc/?p=33

* Cryptocat for iPhone: No JavaScript here! This is an app written in Cocoa Touch/Objective-C that implements OTR and our multiparty group chat protocol. It's really quite a simple app compared to what we had to do to put encrypted chat in the browser. It's new and needs review! Find bugs! Help a cool open source project! We'll send you rewards!

* Cryptocat for Android: No JavaScript here! This is an app written in Java that implements OTR and our multiparty group chat protocol. It's really quite a simple app compared to what we had to do to put encrypted chat in the browser. It's new and needs review! Find bugs! Help a cool open source project! We'll send you rewards!

All three clients are made to be 100% inter-operable.

I guess the third one should be the Android version.
Derp. Fixed. Thanks!