![cryptocat security](https://blogs-images.forbes.com/jonmatonis/files/2012/07/cryptocat-login.png)
- October 17th, 2011: Diffie-Hellman private keys were reduced to crackable.
- May 7th, 2012: ECDH introduced and is broken with DecryptoCat.
- April 19th, 2013: ECDH is no longer easy to break, but still crackable by governments and large companies.
- June 3rd, 2013: I patched ECDH; now private keys are uncrackable.
- June 15th, 2013: Firefox approves first 2.x version of Cryptocat that is not using short ECDH private keys.

Here is the old post where I was less nice (it is a longer read with a little more detail).

DecryptoCat v0.1 cracks the group chat ECDH public keys generated by Cryptocat versions 1.1.147 through 2.0.41.

Cryptocat version 2.0.42 was released, which increased the key space from 2^54.15 to 2^106.3.

DecryptoCat takes advantage of a meet-in-the-middle attack called baby-step giant-step, which effectively square roots the key space. So 2^54.15 turns into 2^27.08 and 2^106.3 to 2^53.15.

For Cryptocat versions before 2.0.42, doing a split of 2*10^9 and 10^7, it takes about a day to calculate the data needed to crack any key in a few minutes.
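The square-root effect of baby-step giant-step described above, as an added example that is not DecryptoCat's code or part of the original post. It assumes a toy multiplicative group mod the prime 2^31 - 1 in place of Cryptocat's elliptic-curve group; `P`, `G`, `KEY_SPACE` and the sample secret are constructed values. The table size `m` sets the split between one-time precomputation and per-key work.

```python
import math

# Constructed toy parameters (assumptions, not Cryptocat's): the
# multiplicative group mod the Mersenne prime 2^31 - 1 stands in for
# the elliptic-curve group; 7 is a primitive root of that prime.
P = 2**31 - 1
G = 7
KEY_SPACE = 2**20   # private keys are drawn from [0, 2^20)

def build_baby_table(m):
    """Precompute G^j mod P for j in [0, m): done once, reused for every key."""
    table, cur = {}, 1
    for j in range(m):
        table[cur] = j
        cur = cur * G % P
    return table

def bsgs(public, table, m, bound=KEY_SPACE):
    """Return (x, giant_steps) with G^x == public (mod P) and 0 <= x < bound."""
    step = pow(G, P - 1 - m, P)      # G^(-m) via Fermat's little theorem
    gamma = public
    for i in range(math.ceil(bound / m)):
        j = table.get(gamma)         # is public * G^(-i*m) a stored baby step?
        if j is not None:
            return i * m + j, i
        gamma = gamma * step % P
    return None, math.ceil(bound / m)   # key lies outside the searched range

if __name__ == "__main__":
    secret = 987_654                 # constructed private key below 2^20
    public = pow(G, secret, P)
    # Balanced split (2^10 table, up to 2^10 steps), then a table-heavy split.
    for m in (2**10, 2**16):
        x, steps = bsgs(public, build_baby_table(m), m)
        print(f"table={m:>6} giant_steps={steps:>4} recovered={x}")
```

A 2^20 key space falls to about 2^10 table entries plus 2^10 lookups, which is why a private key range has to be sized so that its square root, not the range itself, is out of reach.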
# Cryptocat security update
You must update Cryptocat to at least 2.1.12 to be safe from known problems. TLDR: If you used group chat in Cryptocat from October 17th, 2011 to June 15th, 2013 assume your messages were compromised.

DSA is probably broken in one-to-one chat over OTR.