Wikipedia - Benutzerbeiträge [de]

Cryptocat

2014-04-14T12:23:17Z

Nullnullthree: /* Publicity */ Moved recent contributions by User:1Secretlove1 to Talk:Cryptocat for discussion.

{{Infobox software
| name = Cryptocat
| logo = [[File:Cryptocat logo.png|100px]]
| screenshot = [[File:Cryptocat 2.1.5.png|300px|Cryptocat chat interface.]]
| caption =
| developer = Cryptocat team
| released = {{start date|2011|5|19|df=yes}}
| frequently_updated = yes
| latest_release_version = 2.1.22
| latest_release_date = {{Start date and age|2014|4|4}}
| programming language = [[JavaScript]], [[Objective-C]]
| operating system = [[Cross-platform]]
| language = [[English language|English]], [[Arabic language|Arabic]], [[Bulgarian language|Bulgarian]], [[Burmese language|Burmese]], [[Chinese language|Chinese]], [[Danish language|Danish]], [[Dutch language|Dutch]], [[Farsi language|Farsi]], [[French language|French]], [[German language|German]], [[Greek language|Greek]], [[Hebrew language|Hebrew]], [[Hungarian language|Hungarian]], [[Italian language|Italian]], [[Japanese language|Japanese]], [[Korean language|Korean]], [[Latvian language|Latvian]], [[Norwegian language|Norwegian]], [[Polish language|Polish]], [[Portuguese language|Portuguese]], [[Romanian language|Romanian]], [[Russian language|Russian]], [[Slovene language|Slovenian]], [[Spanish language|Spanish]], [[Swedish language|Swedish]], [[Standard Tibetan|Tibetan]]
| genre = [[Secure communication]]
| license = [[Affero General Public License]]
| website = {{URL|https://crypto.cat/}}
}}

'''Cryptocat''' is an [[open source]] [[web application|web]] and [[mobile application|mobile]] application intended to allow secure, encrypted [[online chat]]ting.<ref>{{cite news | first=Adam | last=Dachis | title=Cryptocat Creates an Encrypted, Disposable Chatroom on Any Computer with a Web Browser | url=http://lifehacker.com/5828978/cryptocat-creates-a-private-encrypted-chatroom-on-any-computer-with-a-web-browser | newspaper=[[Lifehacker]] |date=9 August 2011 | accessdate=8 April 2012}}</ref><ref>{{cite news | first=Justin | last=Giovannetti | title=Encrypted messages: chatting safely with Cryptocat | url=http://montreal.openfile.ca/blog/curator-blog/exclusive/2012/encrypted-messages-chatting-safely-cryptocat | newspaper=OpenFile |date=4 February 2012 | accessdate=8 April 2012}}</ref> Cryptocat encrypts chats on the client side, only trusting the server with data that is already encrypted. Cryptocat is offered as an app for {{nowrap|[[Mac OS X]]}} or as a [[browser extension]] for [[Google Chrome]],<ref name="chrome">{{cite web|url=https://chrome.google.com/webstore/detail/gonbigodpnfghidmnphnadhepmbabhij |title=Cryptocat on the Chrome Web Store |publisher=Chrome.google.com |date= |accessdate=2012-07-28}}</ref> [[Mozilla Firefox]], [[Apple Safari]], [[Opera Browser|Opera]] and as a mobile app for [[iPhone]].

Cryptocat's stated goal is to make encrypted communications more accessible to average users.<ref>{{cite news | first=Andy | last=Greenberg | title=Crypto.cat Aims To Offer Super-Simple Encrypted Messaging | url=http://www.forbes.com/sites/andygreenberg/2011/05/27/crypto-cat-aims-to-offer-super-simple-encrypted-messaging/ | newspaper=[[Forbes]] |date=27 May 2011 | accessdate=8 April 2012}}</ref><ref>{{cite news | first=Christopher | last=Curtis | title=Free encryption software Cryptocat protects right to privacy: inventor | url=http://www.montrealgazette.com/technology/Free+encryption+software+Cryptocat+protects+right+privacy+inventor/6166181/story.html |archiveurl=https://web.archive.org/web/20120219190117/http://www.montrealgazette.com/technology/Free+encryption+software+Cryptocat+protects+right+privacy+inventor/6166181/story.html |archivedate=February 19, 2012 | newspaper=[[Montréal Gazette]] |date=17 February 2012 | accessdate=8 April 2012}}</ref> The chat software aims to strike a balance between security and usability -- offering more privacy than services such as [[Google Talk]] or [[Internet Relay Chat]], while maintaining a higher level of accessibility than [[Pidgin (software)|Pidgin]].<ref>{{cite news |url=http://www.nytimes.com/2012/04/18/nyregion/nadim-kobeissi-creator-of-a-secure-chat-program-has-freedom-in-mind.html |title=Using His Software Skills With Freedom, Not a Big Payout, in Mind |newspaper=New York Times |date=April 18, 2012 }}</ref>

==How it works==
Cryptocat uses the [[Off-the-Record Messaging]] (OTR) protocol for encrypted private messaging. Since Cryptocat generates new key pairs for every chat, it implements a form of [[perfect forward secrecy]].<ref>[https://github.com/cryptocat/cryptocat/wiki/Multiparty-Protocol-Specification Cryptocat Multiparty Protocol Specification] Retrieved 2013-12-28</ref> Cryptocat also may be used in conjunction with [[Tor (anonymity network)|Tor]] in order to anonymize the client's network traffic. The project also plans to create an embedded version for use with [[Raspberry Pi]] devices for use by non-profits.<ref>{{cite news | first=Jamillah | last=Knowles | title=Raspberry Pi network plan for online free-speech role | url=http://www.bbc.com/news/technology-17231698 | newspaper=[[BBC News]] |date=3 March 2012 | accessdate=8 April 2012}}</ref><ref>{{cite news | first=Jeremy | last=Kirk | title=Cryptocat Aims for Easy-to-use Encrypted IM Chat | url=https://www.pcworld.com/businesscenter/article/251837/cryptocat_aims_for_easytouse_encrypted_im_chat.html | newspaper=[[PCWorld (magazine)|PCWorld]] |date=14 March 2012 | accessdate=8 April 2012}}</ref> As of July 2013, a [[Commotion Wireless|Commotion]]-compatible version was in development.

In 2013 Cryptocat's network migrated to [[Bahnhof]], a Swedish webhost housed in mountainous Cold War nuclear bunker which has also hosted [[WikiLeaks]] and [[The Pirate Bay]].<ref>{{cite web|author=Nadim Kobeissi |url=https://blog.crypto.cat/2013/02/cryptocat-network-now-in-swedish-nuclear-bunker/ |title=Cryptocat Network Now in Swedish Nuclear Bunker |accessdate=2013-02-09}}</ref>

==Security concerns==
In 2012, following concerns about the security of [[Transport Layer Security|SSL]] as a whole, Cryptocat's SSL [[certificate pinning | certificate was pinned]] in Google Chrome and Chromium. <ref>{{cite web|author=Google |url=https://src.chromium.org/viewvc/chrome?revision=167944&view=revision |title=Google Chromium source code commits |accessdate=2013-09-09}}</ref>

In June 2013, security researcher Steve Thomas pointed out a security bug that could be used to decrypt any group chat message that had taken place using Cryptocat between September 2012 and April 19th 2013.<ref>{{cite web|author=Steve Thomas |url=http://tobtu.com/decryptocat.php|title=DecryptoCat |accessdate=2013-07-10}}</ref><ref>{{cite web|author=Cryptocat Development Blog |url=https://blog.crypto.cat/2013/07/new-critical-vulnerability-in-cryptocat-details/|title=New Critical Vulnerability in Cryptocat: Details |accessdate=2013-07-07}}</ref> Private messages were not affected, and the bug had been resolved a month prior. After Thomas's research was released, Cryptocat issued a security advisory and requested that all users ensure that they had upgraded.<ref>{{cite web|author=Cryptocat Development Blog |url=https://blog.crypto.cat/2013/07/new-critical-vulnerability-in-cryptocat-details/|title=New Critical Vulnerability in Cryptocat: Details |accessdate=2013-07-07}}</ref> Since 2011, a warning regarding the experimental nature of the project has been in place on the website's front page and within the software itself. The Cryptocat [[blog]] posted a warning, informing users that group conversations they had using the software in the past may have been compromised.<ref>{{cite web|author=Cryptocat Development Blog |url=https://blog.crypto.cat/2013/07/new-critical-vulnerability-in-cryptocat-details/|title=New Critical Vulnerability in Cryptocat: Details |accessdate=2013-07-07}}</ref> Despite this, the main Cryptocat website does not warn users about the risk they face from the potential compromise of their past communications.

Some versions of Cryptocat have been questioned for utilizing the browser to encrypt messages,<ref>"[https://github.com/cryptocat/cryptocat/issues/16 JavaScript crypto in the browser is pointless and insecure.]"</ref> which some researchers feel is less secure than the desktop environment.<ref>[http://www.matasano.com/articles/javascript-cryptography/ Matasano Security – Matasano Web Security Assessments for Enterprises]</ref><ref>[http://log.nadim.cc/?p=33 Thoughts on Critiques of JavaScript Cryptography | Nadim Kobeissi]</ref><ref>[http://vimeo.com/45830811 HOPE 9: Why Browser Cryptography Is Bad & How We Can Make It Great on Vimeo]</ref> More recent versions have relied on browser-native random number generation<ref>"[https://developer.mozilla.org/en-US/docs/DOM/window.crypto.getRandomValues Mozilla Developer Network – window.crypto.getRandomValues]"</ref> which is considered more secure.{{By whom|date=September 2013}}

==Publicity==
Cryptocat developer [[Nadim Kobeissi]] claims that he was detained and questioned at the U.S. border by the [[DHS]] in June 2012 about its censorship resistance. He tweeted about the incident afterwards, resulting in media coverage and a spike in the popularity of Cryptocat.<ref>{{cite web|author=Jon Matonis |url=http://www.forbes.com/sites/jonmatonis/2012/06/07/detaining-developer-at-us-border-increases-cryptocat-popularity |title=Detaining Developer At US Border Increases Cryptocat Popularity |publisher=Forbes |date=2012-04-18 |accessdate=2012-07-28}}</ref><ref>{{cite web|url=http://www.itbusiness.ca/it/client/en/home/News.asp?id=67866 |title=Developer's detention spikes interest in Montreal's Cryptocat |publisher=Itbusiness.ca |date=2012-06-08 |accessdate=2012-07-28}}</ref>

==See also==
{{Portal| Freedom of speech | Information technology | Free software | Cryptography}}

* [[Freedom of information]]
* [[GNU Project]]
* [[Hacktivism]]
* [[Internet privacy]]
* [[TextSecure]]
* [[Tor (anonymity network)]]

==References==
{{reflist|30em}}

==External links==
*{{Official website|https://crypto.cat}}
*[https://github.com/cryptocat/cryptocat GitHub repository]

[[Category:Cryptographic software]]
[[Category:Internet privacy software]]
[[Category:Free security software]]

Cryptocat

2014-03-03T08:02:46Z

Nullnullthree: /* See also */ Added TextSecure and put list into alphabetical order.

{{Infobox software
| name = Cryptocat
| logo = [[File:Cryptocat logo.png|100px]]
| screenshot = [[File:Cryptocat 2.1.5.png|300px|Cryptocat chat interface.]]
| caption =
| developer = [[Nadim Kobeissi]]
| released = {{start date|2011|5|19|df=yes}}
| frequently_updated = yes
| latest_release_version = 2.1.15
| latest_release_date = {{Start date and age|2013|10|13}}
| programming language = [[JavaScript]]
| operating system = [[Cross-platform]]
| genre = [[Secure communication]]
| license = [[Affero General Public License]]
| website = {{URL|https://crypto.cat/}}
}}

'''Cryptocat''' is an [[open source]] [[web application]] intended to allow secure, encrypted [[online chat]]ting.<ref>{{cite news | first=Adam | last=Dachis | title=Cryptocat Creates an Encrypted, Disposable Chatroom on Any Computer with a Web Browser | url=http://lifehacker.com/5828978/cryptocat-creates-a-private-encrypted-chatroom-on-any-computer-with-a-web-browser | newspaper=[[Lifehacker]] |date=9 August 2011 | accessdate=8 April 2012}}</ref><ref>{{cite news | first=Justin | last=Giovannetti | title=Encrypted messages: chatting safely with Cryptocat | url=http://montreal.openfile.ca/blog/curator-blog/exclusive/2012/encrypted-messages-chatting-safely-cryptocat | newspaper=[[OpenFile]] |date=4 February 2012 | accessdate=8 April 2012}}</ref> Cryptocat encrypts chats on the client side, only trusting the server with data that is already encrypted. Cryptocat is offered as an app for {{nowrap|[[Mac OS X]]}} or as a [[browser extension]] for [[Google Chrome]],<ref name="chrome">{{cite web|url=https://chrome.google.com/webstore/detail/gonbigodpnfghidmnphnadhepmbabhij |title=Cryptocat on the Chrome Web Store |publisher=Chrome.google.com |date= |accessdate=2012-07-28}}</ref> [[Mozilla Firefox]] and [[Apple Safari]].

Cryptocat's stated goal is to make encrypted communications more accessible to average users.<ref>{{cite news | first=Andy | last=Greenberg | title=Crypto.cat Aims To Offer Super-Simple Encrypted Messaging | url=http://www.forbes.com/sites/andygreenberg/2011/05/27/crypto-cat-aims-to-offer-super-simple-encrypted-messaging/ | newspaper=[[Forbes]] |date=27 May 2011 | accessdate=8 April 2012}}</ref><ref>{{cite news | first=Christopher | last=Curtis | title=Free encryption software Cryptocat protects right to privacy: inventor | url=http://www.montrealgazette.com/technology/Free+encryption+software+Cryptocat+protects+right+privacy+inventor/6166181/story.html |archiveurl=https://web.archive.org/web/20120219190117/http://www.montrealgazette.com/technology/Free+encryption+software+Cryptocat+protects+right+privacy+inventor/6166181/story.html |archivedate=February 19, 2012 | newspaper=[[Montréal Gazette]] |date=17 February 2012 | accessdate=8 April 2012}}</ref> The chat software aims to strike a balance between security and usability -- offering more privacy than services such as [[Google Talk]] or [[Internet Relay Chat]], while maintaining a higher level of accessibility than [[Pidgin (software)|Pidgin]].<ref>{{cite news |url=http://www.nytimes.com/2012/04/18/nyregion/nadim-kobeissi-creator-of-a-secure-chat-program-has-freedom-in-mind.html |title=Using His Software Skills With Freedom, Not a Big Payout, in Mind |newspaper=New York Times |date=April 18, 2012 }}</ref>

Group conversations on Cryptocat which took place between September 2012 and April 19th 2013 were subject to a bug which made the conversations possible to decrypt by parties with access to the ciphertext.<ref>{{cite web|author=Cryptocat Development Blog |url=https://blog.crypto.cat/2013/07/new-critical-vulnerability-in-cryptocat-details/|title=New Critical Vulnerability in Cryptocat: Details |accessdate=2013-07-07}}</ref>

==How it works==
Cryptocat uses the [[Off-the-Record Messaging]] (OTR) protocol for encrypted private messaging. Since Cryptocat generates new key pairs for every chat, it implements a form of [[perfect forward secrecy]].<ref>[https://github.com/cryptocat/cryptocat/wiki/Multiparty-Protocol-Specification Cryptocat Multiparty Protocol Specification] Retrieved 2013-12-28</ref> Cryptocat also may be used in conjunction with [[Tor (anonymity network)|Tor]] in order to anonymize the client's network traffic. The project also plans to create an embedded version for use with [[Raspberry Pi]] devices for use by non-profits.<ref>{{cite news | first=Jamillah | last=Knowles | title=Raspberry Pi network plan for online free-speech role | url=http://www.bbc.com/news/technology-17231698 | newspaper=[[BBC News]] |date=3 March 2012 | accessdate=8 April 2012}}</ref><ref>{{cite news | first=Jeremy | last=Kirk | title=Cryptocat Aims for Easy-to-use Encrypted IM Chat | url=https://www.pcworld.com/businesscenter/article/251837/cryptocat_aims_for_easytouse_encrypted_im_chat.html | newspaper=[[PCWorld (magazine)|PCWorld]] |date=14 March 2012 | accessdate=8 April 2012}}</ref> As of July 2013, a [[Commotion Wireless|Commotion]]-compatible version was in development.

In 2013, Cryptocat's network was migrated to [[Bahnhof]], a Swedish webhost famous for being housed inside a mountainous Cold War nuclear bunker and who is best known for having hosted both [[WikiLeaks]] and [[The Pirate Bay]].<ref>{{cite web|author=Nadim Kobeissi |url=https://blog.crypto.cat/2013/02/cryptocat-network-now-in-swedish-nuclear-bunker/ |title=Cryptocat Network Now in Swedish Nuclear Bunker |accessdate=2013-02-09}}</ref>

==Security concerns==
In 2012, following concerns about the security of [[Transport Layer Security|SSL]] as a whole, Cryptocat's SSL [[certificate pinning | certificate was pinned]] in Google Chrome and Chromium. <ref>{{cite web|author=Google |url=https://src.chromium.org/viewvc/chrome?revision=167944&view=revision |title=Google Chromium source code commits |accessdate=2013-09-09}}</ref>

In June 2013, security researcher Steve Thomas pointed out a security bug that could be used to decrypt any group chat message that had taken place using Cryptocat between September 2012 and April 19th 2013.<ref>{{cite web|author=Steve Thomas |url=http://tobtu.com/decryptocat.php|title=DecryptoCat |accessdate=2013-07-10}}</ref> Private messages were not affected, and the bug had been resolved a month prior. After Thomas's research was released, Cryptocat issued a security advisory and requested that all users ensure that they had upgraded.<ref>{{cite web|author=Cryptocat Development Blog |url=https://blog.crypto.cat/2013/07/new-critical-vulnerability-in-cryptocat-details/|title=New Critical Vulnerability in Cryptocat: Details |accessdate=2013-07-07}}</ref> Since 2011, a warning regarding the experimental nature of the project has been in place on the website's front page and within the software itself. The Cryptocat [[blog]] posted a warning, informing users that group conversations they had using the software in the past may have been compromised.<ref>{{cite web|author=Cryptocat Development Blog |url=https://blog.crypto.cat/2013/07/new-critical-vulnerability-in-cryptocat-details/|title=New Critical Vulnerability in Cryptocat: Details |accessdate=2013-07-07}}</ref> Despite this, the main Cryptocat website does not warn users about the risk they face from the potential compromise of their past communications.

Some versions of Cryptocat have been questioned for utilizing the browser to encrypt messages,<ref>"[https://github.com/cryptocat/cryptocat/issues/16 JavaScript crypto in the browser is pointless and insecure.]"</ref> which some researchers feel is less secure than the desktop environment.<ref>[http://www.matasano.com/articles/javascript-cryptography/ Matasano Security – Matasano Web Security Assessments for Enterprises]</ref><ref>[http://log.nadim.cc/?p=33 Thoughts on Critiques of JavaScript Cryptography | Nadim Kobeissi]</ref><ref>[http://vimeo.com/45830811 HOPE 9: Why Browser Cryptography Is Bad & How We Can Make It Great on Vimeo]</ref> More recent versions have relied on browser-native random number generation<ref>"[https://developer.mozilla.org/en-US/docs/DOM/window.crypto.getRandomValues Mozilla Developer Network – window.crypto.getRandomValues]"</ref> which is considered more secure.{{By whom|date=September 2013}}

==Publicity==
Cryptocat developer [[Nadim Kobeissi]] claims that he was detained and questioned at the U.S. border by the [[DHS]] in June 2012 about its censorship resistance. He tweeted about the incident afterwards, resulting in media coverage and a spike in the popularity of Cryptocat.<ref>{{cite web|author=Jon Matonis |url=http://www.forbes.com/sites/jonmatonis/2012/06/07/detaining-developer-at-us-border-increases-cryptocat-popularity |title=Detaining Developer At US Border Increases Cryptocat Popularity |publisher=Forbes |date=2012-04-18 |accessdate=2012-07-28}}</ref><ref>{{cite web|url=http://www.itbusiness.ca/it/client/en/home/News.asp?id=67866 |title=Developer's detention spikes interest in Montreal's Cryptocat |publisher=Itbusiness.ca |date=2012-06-08 |accessdate=2012-07-28}}</ref>

==See also==
{{Portal| Freedom of speech | Information technology | Free software | Cryptography}}

* [[Freedom of information]]
* [[GNU]]
* [[Hacktivism]]
* [[Internet privacy]]
* [[TextSecure]]
* [[Tor (anonymity network)]]

==References==
{{reflist|30em}}

==External links==
* {{Official website|https://crypto.cat/}}
* [https://github.com/cryptocat/cryptocat GitHub repository]

[[Category:Cryptographic software]]
[[Category:Internet privacy software]]
[[Category:Free security software]]