undefined | Better HN

0 pointsayyghost10y ago0 comments

One of the Cryptodog devs here - no Chrome 0days in our possession (yet).

The code's all on Github: https://github.com/Cryptodog/cryptodog. No signed extensions or apps yet, but you can clone and run locally for testing purposes, or use the hosted client linked there.

So far, we've been focusing on refactoring, fixing surface bugs, and making the UI more attractive and intuitive -- none of the underlying cryptography has been touched. It also performs slightly faster than stock Cryptocat. Since Nadim took down his XMPP server, we've had to create our own, but the backend is identical to his setup.

Of course, Cryptodog is by no means the best solution for E2E chat, just as Cryptocat wasn't. The best we can hope to achieve without a complete codebase overhaul is a reasonable level of security (https://leastauthority.com/static/publications/LeastAuthorit...). However, it's still a fairly usable app that can afford casual users protection against basic threats, like corporate data mining.

Issue postings, pull requests, and other miscellaneous contributions are all welcome.

0 comments

4 comments · 3 top-level

narrowrail10y ago· 1 in thread

[side note] My guess is that you and the GP share an IP address, so I vouched for this comment.

I can't figure out why follow the path of fixing cryptocat instead of joining with a more promising project (take your pick, they're a ton). Anyway, I was about to tell tptacek that he fell for a troll, and the real new project was Cryptolion...

ayyghostOP10y ago

We never intended to "fix" Cryptocat, per se. I agree that would be more trouble than it's worth, especially when there are things like Signal, Ricochet, CoyIM, etc.

Cryptodog is very much a casual project, not an all-encompassing fix for inherent design flaws. I offer it here only as an alternative for former users of Cryptocat who were content with the app.

P.S. Your guess is inaccurate, I am not the GP. HN staff might be able to verify this if it concerns you.

tptacek10y ago

Cryptocat was badly flawed and had at least one very serious undisclosed flaw before it was shut down. Do not try to build a secure messaging system from its code base.

abecedarius10y ago

Hey, I coauthored the audit report you linked to, and I want to clarify: our policy was to list findings without editorializing on how severe you should judge them to be. We didn't intend to claim one way or another about "a reasonable level of security".

I don't speak for Least Authority (and don't currently work for them).

j / k navigate · click thread line to collapse