Dropsafe

by Alec Muffett

I know some of my colleagues will complain, but my discovery of the week is #CryptoCat https://crypto.cat/

Unless they are falling asleep on the job I strongly suspect that Ben Laurie and Tom Ptacek will let rage mercilessly about the lack of wisdom* of doing crypto in the browser, but I do like CryptoCat – and not just for the cute video:

Cryptocat Adventure! from Nadim Kobeissi on Vimeo.

The concept is squarely in line with my desire to see autonomous secure communication between individuals, and if it could be done point to point (or even peer to peer) I would be even happier.

So long as the weaknesses are understood by the user, I love this.


* let’s see, issues include:

  • browser bugs
  • sniffing stuff (keys, plaintext) out of the DOM
  • trust issues with respect to where you retrieve the pages
  • how ‘hard’ the crypto can be in such an environment
  • forged/spoofed identities (compare: permanent OTR keys)

I suspect they can add many, many more.

Comments

2 responses to “I know some of my colleagues will complain, but my discovery of the week is #CryptoCat https://crypto.cat/”

  1. Max Allan

    It would be nice to see them offer it as a package that you could host yourself. I can’t imagine it’s a huge amount of code. Apache with SSL and a chat app and something to make sure that nothing gets logged.

    For “autonomous secure” thing : could maybe DIY something point-point from a command line with nc/ssh tunnels and extensive use of various pipes?

    Reply
  2. #WiReD is @butthurt that @csoghoian called them out. They’re wrong. /cc @rsingel @runasand #cryptocat – dropsafe

    […] was right. The media – me included, in my small way – tend to say “woo shiny new toy” at the slightest provocation – and in the case of Cryptocat we can be quite happy that […]

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

More posts