CryptoCat..... An Encrypted Instant Messaging System....

Discussion in 'Survival Communications' started by BTPost, Jun 21, 2013.


  1. BTPost

    BTPost Stumpy Old Fart,Deadman Walking, Snow Monkey Moderator

    Ok Monkeys, I have run across this cute little bit of code, called CryptoCat. It is an Encrypted, OPEN SOURCE, Peer Reviewed Instant Messaging System, that runs from INSIDE your Web Browser, or on a Mac OSX 10.6, (Snow Leopard) or later, Computer. They plan on ADDING Android, and iPhone, Apps, later this year.

    What this means is:
    1. This is OPEN SOURCE, Peer Reviewed, which means that there are NO Back Doors for the Letters Outfits to exploit, to monitor the Messages.
    2. The Encryption is very STRONG, and unCrackable in Real Time. The KeySets are regenerated every time you log in, so logging Keysets doesn't get the Letters Outfits anywhere, as they have to start over, each time you hold a conversation.
    3. As it runs, as a module, from INSIDE your Web Browser, it is Universal as far as Operating Systems go. There are Modules for Safari, FireFox, Chrome, and a Mac OSX App, Now, and they are working on Apps for iPhone, and Android, that they hope to release this year.

    This looks like a very easy way to have SECURE Instant Messaging, that very easily can be adapted to send MonkeyNet PAD Generated Messages, while the Internet is still available. This would give MonkeyNet Users, double encryption. Regular Monkeys would have SECURE Instant Messaging capabilities....

    Something to consider, as an add-on to your Comms Software.....
    @melbo, @ghrit, @VisuTrac, @Falcon15, @DarkLight, @Icefoot, @techsar, @Mountainman

    Cryptocat
     
    melbo, Brokor, hank2222 and 5 others like this.
  2. Icefoot

    Icefoot Monkey+

    Nice, BT. Been looking for something to replace my Simp/MSN combo...
     
  3. Mountainman

    Mountainman Großes Mitglied Site Supporter+++

    @BTPost - Have you tried this out yet? Would like some real feedback before loading on the puter.
     
  4. BTPost

    BTPost Stumpy Old Fart,Deadman Walking, Snow Monkey Moderator

    Yep, I have it loaded and have been using it with my youngest Daughter... very simple and straight forward... to operate.... I use the conference name "MonkeyNet" and then user name btpost....
     
  5. BTPost

    BTPost Stumpy Old Fart,Deadman Walking, Snow Monkey Moderator

    Cryptocat 2.1.10 is an open source instant messaging program (available as a standalone program and as a plug-in for Safari, Firefox, and Chrome) that offers encrypted one-to-one and group chats using OTR or mpOTR. This release adds support for multiple windows for multiple conversations, major fixes for file transfers, internal optimizations, and other changes. Cryptocat is free for Mac OS X 10.6 and up and is also available in the Mac App Store.
     
    hank2222 likes this.
  6. BTPost

    BTPost Stumpy Old Fart,Deadman Walking, Snow Monkey Moderator

    Cryptocat 'encrypted' group chats may have been crackable for 7 months
    Security expert Steve Thomas, who discovered the hole, wrote on his blog that any users of Cryptocat between 17 October 2011 and 15 June 2013 should assume that their messages were compromised, as well as those of whomever they were talking to.
    Cryptocat, for its part, says that the hole was open from versions 2.0 up until (and not including the latest, fixed version) 2.0.42. That period covers seven months, Cryptocat says.


    Just a NOTE, here.... The latest version that I posted above 2.1.10 is NOT compromised by this Hole, and should be Good to Go. The earlier version that I originally posted about, was Open, to this type of Hack, but there is NO KNOWN use of that Hack, in the wild, as of Today's DATE. So it was theoretically possible to Decrypt those chats, with enough Computing Power, but NO ONE has demonstrated that any Chat has been "Compromised"..... as of Todays DATE. ......
     
    VisuTrac likes this.
  7. BTPost

    BTPost Stumpy Old Fart,Deadman Walking, Snow Monkey Moderator

    Cryptocat 2.1.12 is an open source instant messaging program (available as a standalone program and as a plug-in for Safari, Firefox, and Chrome) that offers encrypted one-to-one and group chats using OTR or mpOTR. This release adds fixes for "some non-critical security issues reported by Steve Thomas that slightly reduce the bits of entropy in OTR authentication" and "a pseudo-random number generator bug that causes some bias and wastes entropy." Cryptocat is free, available as a standalone program for Mac OS X 10.7 and up in the Mac App Store and as a browser plug-in for Mac OS X 10.6 and up on the project web site.

    This is the Permanent Fix for the above mentioned Security Hole.....
     
  8. Brokor

    Brokor Live Free or Cry Moderator Site Supporter+++ Founding Member

    Nice! @BTPost This is gonna be useful.
     
  9. techsar

    techsar Monkey+++

    Too bad the standalone is only for Mac...and fairly new ones, at that.
     
  10. Yard Dart

    Yard Dart Vigilant Monkey Moderator

    Just tried the link and discovered the same thing that it was only MAC enabled.....:(
     
  11. BTPost

    BTPost Stumpy Old Fart,Deadman Walking, Snow Monkey Moderator

    So load up Chrome, Firefox, or Safari, and then load the Pul-in Module......
     
  12. David Spero

    David Spero Monkey

    I've been using Cryptocat for some time, and like it. The earlier mentioned vulnerability only applied to public chat rooms, not to private chats in privately created areas.

    I'm not sure what the standalone product on a Mac offers that can not also be experienced through a browser plug-in on Windows, it seems great in Windows.

    There are some additional features that would be nice - in particular a notification if someone left you a message while you were away, and a way to transfer files.

    David Spero
    codegreenprep.com
     
  13. BTPost

    BTPost Stumpy Old Fart,Deadman Walking, Snow Monkey Moderator

    The latest version just released fixed the File Transfer issues, they said...
     
  14. BTPost

    BTPost Stumpy Old Fart,Deadman Walking, Snow Monkey Moderator

    Cryptocat 2.1.14 is an open source instant messaging program (available as a standalone program and as a plug-in for Safari, Firefox, and Chrome) that offers encrypted one-to-one and group chats using OTR or mpOTR. This release includes automatic reconnection to conversations, built-in Tor support, improved authentication via questions, new audio notifications, and other improvements. Cryptocat is free, available as a standalone program for Mac OS X 10.7 and up in the Mac App Store and as a browser plug-in for Mac OS X 10.6 and up on the project web site.

    This is available for just about ANY Browser as an Extension.... .....
     
  15. ghrit

    ghrit Bad company Administrator Founding Member

    Is this something we want to look into from a monkey(net) standpoint? What would we do with it that we can't do now other than encryption? If the web is up post mess, it may be useful for monkey comms; other than that I guess it's an open question.
     
  16. BTPost

    BTPost Stumpy Old Fart,Deadman Walking, Snow Monkey Moderator

    It is a SECURE way to have a quick Encrypted Chat with another KNOWN Person, that uses a different KeySet for each exchange, as per it's internal Protocol. Since it is Open Source, it is well researched, and no BackDoors, for Lerkers to exploit. Will NOT be of much use if the their Offshore Network is down, UNLESS, We as Monkeys, implement our own In-House CryptoCat Server, which certainly could be done, with a bit of a Learning Curve, by our Admins. MonkeyNet was designed, so that it is NOT dependent on ANY specific LINK based System. I it's simplest form, it doesn't even need any besides a Pencil & Paper. This could be a simple way to exchange KeySets, and PADs, in Real Time, as long as we have access to the IP Network, no that the File Transfer system is confirmed working, in CryptoCat. I would like to find someone to test out the Transfer of a STEGO Encrypted Picture File, to validate that method of transfer. Maybe an Addition, if we ever decide to add a Private GPG Key Server, to the site.... Just Think'en, out loud....
     
    AmericanRedoubt1776 and kellory like this.
  17. PapaGrune

    PapaGrune Inside the firestorm

    Safari version will not download on my iPad for what ever that is worth.


    Sent from my iPad using Tapatalk HD
     
  18. BTPost

    BTPost Stumpy Old Fart,Deadman Walking, Snow Monkey Moderator

    That is true PapaG... Safari on IOS doesn't allow for Extensions... Which CryptoCat is for Browsers. They are working on an APP for that, for IOS, Android, and Winders.....
     
  19. PapaGrune

    PapaGrune Inside the firestorm

    I will load it up on Windows and Firefox. I wait for android version. I am going to try it with Linux and Firefox too.

    sent from inside the fire tornado
     
  20. BTPost

    BTPost Stumpy Old Fart,Deadman Walking, Snow Monkey Moderator

    New Version of CryptoCat has been released. Big fixes and Updates....
     
survivalmonkey SSL seal        survivalmonkey.com warrant canary
17282WuJHksJ9798f34razfKbPATqTq9E7