|
Math.random(poop);
|
# ? Jun 30, 2014 23:47 |
|
|
# ? Apr 26, 2024 11:37 |
|
coffeetable posted:the cost for the 1% choosing the wrong prng is much bigger than the cost for the 99% choosing the wrong prng though its actually irrelevant because you shouldn't be writing your own crypto
|
# ? Jun 30, 2014 23:51 |
|
Captain Foo posted: Math.random(poop);
how did you find my posting algorithm I made the repo private
|
# ? Jun 30, 2014 23:52 |
|
I'd put an ironic cryptocat sticker on my MacBook
|
# ? Jun 30, 2014 23:55 |
|
LARD LORD posted: this may be a little earnest for yossec but what would it take to fix cryptocat? it seems to be used by a lot of vulnerable people and its easy to laugh and call nadim an idiot but it seems like a lot of people could be in serious trouble
use https
use java
use silverlight
require a browser extension
mostly use https
|
# ? Jun 30, 2014 23:58 |
|
spankmeister posted: Use jabber with the otr plugin
yeah, uh, what problem does cryptocat solve that pidgin/Adium + OTR don't
|
# ? Jul 1, 2014 00:35 |
|
minivanmegafun posted: yeah, uh, what problem does cryptocat solve that pidgin/Adium + OTR don't
the problem where im an idiot
|
# ? Jul 1, 2014 00:36 |
|
Bloody posted: the problem where im an idiot
There's no real solution for that, but at least you're in great company!
|
# ? Jul 1, 2014 00:45 |
|
no cool cryptocats stickers?
|
# ? Jul 1, 2014 00:52 |
|
minivanmegafun posted:yeah, uh, what problem does cryptocat solve that pidgin/Adium + OTR don't
|
# ? Jul 1, 2014 01:38 |
|
reminder that iMessage is the only widely deployed transparently secure communication system
|
# ? Jul 1, 2014 01:49 |
|
pseudorandom name posted: reminder that iMessage is the only widely deployed transparently secure communication system
it is neither widely deployed nor transparent nor secure
|
# ? Jul 1, 2014 01:55 |
|
Nintendo Kid posted:it is neither widely deployed nor transparent nor secure
|
# ? Jul 1, 2014 01:59 |
|
reminder that iMessage is the only communication system
|
# ? Jul 1, 2014 02:00 |
|
Nintendo Kid posted:it is neither widely deployed nor transparent nor secure
|
# ? Jul 1, 2014 02:13 |
|
this thread lol
|
# ? Jul 1, 2014 03:40 |
|
Aleksei Vasiliev posted:reminder that iMessage is the only communication system
|
# ? Jul 1, 2014 03:42 |
|
theadder posted:this thread lol
|
# ? Jul 1, 2014 03:43 |
gas
|
|
# ? Jul 1, 2014 03:44 |
|
|
# ? Jul 1, 2014 04:57 |
|
cryptoscat
|
# ? Jul 1, 2014 05:52 |
|
http://techcrunch.com/2014/07/01/paypal-shuts-down-secure-messaging-service-protonmails-crowdfunding-account/
what's protonmail?
http://techcrunch.com/2014/06/23/protonmail-is-a-swiss-secure-mail-provider-that-wont-give-you-up-to-the-nsa/
oh lets hope its cryptocat for email
|
# ? Jul 1, 2014 15:23 |
|
i've got an account on the protonmail beta and it seems to work as advertised
it's all done over https and the javascript crypto is so that nothing plaintext ever ends up on the protonmail servers, not to prevent network sniffing. you have two passwords, one for logging in and one to encrypt and decrypt your mail locally, and if you lose the second one you're just boned
paypal is generally terrible and everybody should fully expect to lose their money if you use them for fundraising
|
# ? Jul 1, 2014 15:30 |
|
Heresiarch posted: i've got an account on the protonmail beta and it seems to work as advertised
oh okay
|
# ? Jul 1, 2014 15:31 |
|
welp http://krebsonsecurity.com/2014/07/microsoft-darkens-4mm-sites-in-malware-fight/
|
# ? Jul 1, 2014 15:32 |
|
Heresiarch posted: the javascript crypto is so that nothing plaintext ever ends up on the protonmail servers
doesnt matter. if their servers arent safe for storing data they arent safe for serving js
|
# ? Jul 1, 2014 15:55 |
|
Heresiarch posted: i've got an account on the protonmail beta and it seems to work as advertised
Heresiarch posted: it's all done over https and the javascript crypto is so that nothing plaintext ever ends up on the protonmail servers, not to prevent network sniffing. you have two passwords, one for logging in and one to encrypt and decrypt your mail locally, and if you lose the second one you're just boned
Heresiarch posted: it's all done over https and the javascript crypto
Heresiarch posted: javascript crypto
|
# ? Jul 1, 2014 15:58 |
|
the entire point of the crypto cat thing is that there is no such thing as good javascript crypto
|
# ? Jul 1, 2014 15:59 |
|
you know how the NSA spreads FUD to make their lives easier and prevent organized efforts to fight them?
http://forums.somethingawful.com/member.php?action=getinfo&userid=107936
|
# ? Jul 1, 2014 15:59 |
|
Squinty Applebottom posted: you know how the NSA spreads FUD to make their lives easier and prevent organized efforts to fight them?
I want that hoodie.
|
# ? Jul 1, 2014 16:02 |
|
hobbesmaster posted: the entire point of the crypto cat thing is that there is no such thing as good javascript crypto
I think he's saying that the "js crypto" is really just an obfuscation so there isn't a bunch of plaintext logs sitting around if the server is seized and client data is all carried over HTTPS like it should
|
# ? Jul 1, 2014 17:04 |
|
I guess if the mail decryption is javascript then it could be a problem if someone manages to spoof a cert and hit you with a mitm but with it being carried over https you should be reasonably sure you're connecting to the server you think you are and getting untampered javascript
|
# ? Jul 1, 2014 17:06 |
|
i'm not saying protonmail is perfect or even a good idea, i'm just explaining how it works
it's a less lovely project than cryptocat but yes it's probably still doomed
|
# ? Jul 1, 2014 17:07 |
|
BangersInMyKnickers posted: I think he's saying that the "js crypto" is really just an obfuscation so there isn't a bunch of plaintext logs sitting around if the server is seized and client data is all carried over HTTPS like it should
basically this, yes
it's not trying to reimplement tls using js so it's already doing better than cryptocat
|
# ? Jul 1, 2014 17:09 |
|
http://blog.bitpay.com/2014/07/01/bitauth-for-decentralized-authentication.html
spot the security fuckup, easy mode:
quote: concatenate and sign URI + BODY with your private key, and provide it in x-signature
i'm shocked that a prominent bitcoin payment processor is rolling their own crypto while displaying a very rudimentary understanding of the state of the art in cryptography and protocol design, shocked.
|
# ? Jul 2, 2014 05:24 |
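An added example, not part of any post and not bitauth's code: the thread never says which flaw suffix means, but one property of the quoted construction is that URI + BODY joined with no separator or length lets two different requests produce the same signed bytes, shown here beside a length-prefixed encoding. The P-256 key, the `api.example` URLs and all function names are assumptions made for the illustration.

```javascript
// Added illustration, not bitauth's code. P-256 stands in for the real key type.
const nodeCrypto = require('node:crypto');

const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ec', {
  namedCurve: 'prime256v1',
});

// The construction as quoted: sign the bytes of URI followed directly by BODY.
function naiveMessage(uri, body) {
  return Buffer.from(uri + body, 'utf8');
}

// Unambiguous framing: every field is preceded by its byte length
// (4 bytes, big endian), so the same bytes cannot be split a second way.
function framedMessage(uri, body) {
  const parts = [];
  for (const field of [uri, body]) {
    const bytes = Buffer.from(field, 'utf8');
    const len = Buffer.alloc(4);
    len.writeUInt32BE(bytes.length);
    parts.push(len, bytes);
  }
  return Buffer.concat(parts);
}

function sign(message) {
  return nodeCrypto.sign('sha256', message, privateKey);
}

function verify(message, signature) {
  return nodeCrypto.verify('sha256', message, publicKey, signature);
}

// Constructed sample requests: identical when concatenated, different in meaning.
const sent = { uri: 'https://api.example/invoices?limit=1', body: '0' };
const other = { uri: 'https://api.example/invoices?limit=10', body: '' };

// Sign the first request, then check whether that signature verifies
// for the second request under the given message encoding.
function signatureCarriesOver(buildMessage) {
  const sig = sign(buildMessage(sent.uri, sent.body));
  return verify(buildMessage(other.uri, other.body), sig);
}

console.log('naive URI+BODY :', signatureCarriesOver(naiveMessage));
console.log('length-prefixed:', signatureCarriesOver(framedMessage));
```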
|
suffix posted:http://blog.bitpay.com/2014/07/01/bitauth-for-decentralized-authentication.html
|
# ? Jul 2, 2014 06:08 |
|
i don't see the fuckup
like yes they don't show any signs of having researched existing solutions and there's literally no reason this needs to be related to bitcoin but i don't see the problem with the bit you quoted
|
# ? Jul 2, 2014 06:16 |
|
BangersInMyKnickers posted: I think he's saying that the "js crypto" is really just an obfuscation so there isn't a bunch of plaintext logs sitting around if the server is seized and client data is all carried over HTTPS like it should
You could just ... not log plaintext on your server if this is what you desire. There is zero purpose to js crypto unless you're doing something to validate that the js is what you expect, and if you can do that you could just use that as a mechanism to distribute your crypto instead of sending your crapto code over the wire every time.
|
# ? Jul 2, 2014 06:34 |
|
vOv posted: i don't see the fuckup
Yeah, I don't see the problem.
|
# ? Jul 2, 2014 12:19 |
|
|
Jabor posted: You could just ... not log plaintext on your server if this is what you desire.
Well, the issue is that you have to trust the server. Doing crypto on the client means that the server *never* sees unencrypted messages. That said, the emails come directly unencrypted into their server, right? So I don't know why it would help. I do use some software with crypto on the client, and yes, I've verified that no plaintext stuff is leaking to the server. It's all stock AES-256 in CBC mode.
|
# ? Jul 2, 2014 12:21 |