One could even run the deployment server and untrusted storage separately so complex TCB couldn't affect trusted app delivery or operation. The crypto to do that sort of thing right (outside a browser) is pretty basic. That could've been implemented in a simple, secure-coded app communicating over a secure tunnel with another simple app on a robust server. Type in information you and other person agreed to preferably in person. So, tell them to check domain and HTTPS.Ģ. Here was the user experience when I tried it:ġ. Super easy to build and use compared to high-secure, P2P apps w/ their trust management. It was basically a centrally-hosted, shared-secret setup.
Schneier post on the adoring media coverage of cryptocat (2012). To get right, and it takes a very long time, significantĮxperience, much peer review (on top of that significantĮxperience), and lots of sweat and iteration to build systems This is not a criticism: cryptosystems are notoriously difficult Years in the future, following sufficient peer review.)Ĭryptocat has had myriad errors in implementation, spanning theĮntire time it has been under active development.
Cryptocat security software#
Some context, if you don't know what cryptocat is, or why the lead dev is shutting it down:Įxcept: Today, Cryptocat is not for everyone.Ĭryptocat is under active development, and is suitable only forĭebugging and software experimentation.
0 kommentar(er)
