The app advises you to call users over the phone, or by some other means, and ask them to tell you their key. If someone is carrying out a man-in-the-middle attack, the key will be different from the one on your screen. During my initial testing, viewing this information caused the app to crash, but this problem was swiftly fixed in an update. You can view your own fingerprints in the upper-right Me menu. The browser version has an easier built-in solution, which uses a shared secret to confirm that someone hasn't intercepted your session; this is similar to what RedPhone does. Of course, just because you've confirmed the person's account does not mean that you've confirmed his or her identity. I could create an account called EdSnowdenReal, and give you my fingerprint ID, but I'm not Edward Snowden.

At the heart of Cryptocat is the Off The Record (OTR) protocol, which is used to achieve perfect forward secrecy. This means that each message is secured with a unique pair of encryption keys. Even if an attacker successfully decrypts one message, she couldn't use the same method to decrypt other, future (or past) messages. OTR also makes it impossible to prove that a specific user sent a specific message, since the messages aren't digitally signed. That's why any user can use any user name in Cryptocat. It can be a bit annoying, but if you were leaking classified documents to the press, you might not want proof that a conversation had occurred, or that you were a part of it.
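To make the deniability point concrete, here is an added example (not from the original article or from Cryptocat's code) that authenticates messages with a keyed MAC instead of a signature. The shared secret, the per-message key derivation and all function names are assumptions for illustration; real OTR derives its keys from fresh Diffie-Hellman exchanges, which this sketch does not model.

```python
import hashlib
import hmac

# Constructed stand-in for the secret both parties hold after key exchange.
SHARED_SECRET = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)


def message_key(shared_secret: bytes, counter: int) -> bytes:
    """Derive a distinct MAC key per message (simplified, hypothetical KDF)."""
    label = b"mac-key" + counter.to_bytes(8, "big")
    return hmac.new(shared_secret, label, hashlib.sha256).digest()


def authenticate(shared_secret: bytes, counter: int, text: bytes) -> bytes:
    """Tag a message with a MAC; anyone holding the shared secret can do this."""
    key = message_key(shared_secret, counter)
    return hmac.new(key, text, hashlib.sha256).digest()


def verify(shared_secret: bytes, counter: int, text: bytes, tag: bytes) -> bool:
    """Constant-time check that the tag matches the message."""
    expected = authenticate(shared_secret, counter, text)
    return hmac.compare_digest(expected, tag)


def demo() -> dict:
    # Alice sends message 0; Bob checks it came from a holder of the secret.
    real = b"meet at noon"
    real_tag = authenticate(SHARED_SECRET, 0, real)
    # Bob holds the same secret, so he can tag text Alice never wrote.
    invented = b"a message Alice never wrote"
    invented_tag = authenticate(SHARED_SECRET, 1, invented)
    return {
        "bob_accepts_real": verify(SHARED_SECRET, 0, real, real_tag),
        # Indistinguishable from a genuine message, so a transcript proves nothing.
        "invented_verifies": verify(SHARED_SECRET, 1, invented, invented_tag),
        "tampered_rejected": not verify(SHARED_SECRET, 0, b"meet at one", real_tag),
        "keys_differ": message_key(SHARED_SECRET, 0) != message_key(SHARED_SECRET, 1),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Bob can still detect tampering in transit, but because he could have produced every tag himself, a saved transcript does not show a third party who wrote which message.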