undefined | Better HN

0 pointswtbob12y ago0 comments

> > They are already effectively communicating in plaintext

> Got anything to back up this statement, or is this what you're inferring from the post and the analysis of the group chat component a while back?

That flaw meant that key-guessing was easy, and with an easily-guessed key even the best-encrypted data becomes plaintext.

Given the numerous flaws so far found in Cryptocat and the quality of its code, I wouldn't trust my treasure, freedom or life to it.

0 comments

1 comments · 1 top-level

thirsteh12y ago

Indeed, the PRG was flawed, but IIUC, this applied to only the RSA key generation used for group chat, not OTR, which is what cryptocat is mainly used for.

People reference "numerous flaws" a lot, but it all seems to lead back to the criticism of group chat from a while back. I'm not saying you're wrong--just be careful of the echo chamber.

j / k navigate · click thread line to collapse