![]() A user creates a chat session, picks a nickname and then types a random string of characters in order to generate the 256-bit AES encryption keys for the public key cryptography system it uses.Ĭryptocat’s code is open source, and Kobeissi has published details on how its encryption works in order to get feedback from other cryptology specialists.Īs an added security measure, Cryptocat is compatible with TOR (The Onion Router), a worldwide network that make web surfing more anonymous by randomly routing traffic through its servers. First, one of its versions is web-based, so no application has to be downloaded. The beauty of Cryptocat is its simplicity. OTR must be downloaded, installed and configured, and both parties having a conversation must have it enabled in order for the messages to be encrypted. There are proven encryption technologies for instant messaging, such as PGP (Pretty Good Privacy) and OTR (Off The Record), an add-on encryption program for IM applications such as Pidgin and Adium.īut PGP can be “difficult to use for people who aren’t computer geeks,” Kobeissi said. Messages are encrypted when transmitted, but those conversations are decrypted on the servers running those services, potentially allowing interlopers to record them. I can give you a source for that allegation if needed, but why not use Jitsi that doesn't need a plugin for OTR.Many of those applications implement SSL (Secure Sockets Layer), an encryption protocol that underpins e-commerce transactions. Lastly I heard that Pidgin stores your passwords in plaintext on your device. I'm trying to setup a group chat with some members not seeing the need for encryption and thus not wanting extra steps like setting up Pidgin. I don't like that I can't put a password on the CryptoCat chat room beyond using a randomized chat room name.įor the record, OTR group chat can be accomplished using many interoperable cross-platform multi-service chat client. The only way to setup a chat room with OTR seems to be a group chat (requires invitations rather than a meet spot) or CryptoCat. It sounds like OTR is the gold standard for instant messaging, but once again my priority isn't gold. Mailvelope was the best solution I could find for user-friendly basic-level security. Seeing as I was only looking for a basic level of security, that seemed like overkill. This reminds me of when I tried to find a simple way to implement email encryption. Please let me know if there is a better place to post this question or search for answers. However, the website's security certificate expired today, and they haven't uploaded a new one. Also, positive reviews from LifeHacker and PC Magazine. The cached page seems to describe the cryptography the exact same way as ChatCrypt is laid out with the advantage of HTTPS (TLS/SSL) connection to the main page. It's very likely that I'm not as smart as I claim about this crypto stuff. That being said, I noticed that the main page is not HTTPS. However, I'm fine with the coding abilities of Eastern Europeans. Some of the language on the How It Works page looks like it was written by an Eastern European. But remember, my goal is user-friendly "security." I'm fine with well-done web-based encryption as long as it is easy to sign in. More importantly it's a browser-based encryption. However, there is no way to password protect a chat room meaning anyone can join who can guess the room number. However, I'm primarily wanting to setup a text chat room.Ĭrypto Cat seemed like the perfect solution. ![]() If I didn't trust their servers, I could setup my own Jitsi Videobridge. Jitsi Meet is an awesome service for audio and video chatting. This is especially true after learning that Facebook does its own monitoring of our conversations beyond what the government mandates. It doesn't need to be NSA proof, but I'd like it to be a little bit harder for Big Brother and Little Brother to read my group chats. I've been searching for a user-friendly "secure" chat room.
0 Comments
Leave a Reply. |