Architecture & Lifecycle Document Published

Sunday, May 13th, 2012

We’ve published the Cryptocat Architecture & Lifecycle Document, and strongly encourage you to review it if you’re looking to get started as a developer, or simply if you wish to understand our development and deployment rationale.

Download (PDF)

Additionally, an image version is included below:

Cryptocat for Android Sneak Peek

Thursday, May 10th, 2012

We are very excited about the progress we’re making on Cryptocat for Android, and we’re releasing the very first photo of Cryptocat running on our Samsung Galaxy Player.

Some amazing features are coming. Stay tuned!

Android Preview

Introducing Elliptic Curve Cryptography

Monday, May 7th, 2012

We’re proud to announce that with version 1.4 of the Cryptocat protocol, we’ve discarded traditional Diffie-Hellman in favor of Elliptic Curve Cryptography based on Daniel Bernstein’s Curve25519. This improvement generally makes Cryptocat’s cryptographic operations around four times faster, and also makes key exchange much more efficient.

Why push Elliptic Curve Cryptography out now? With the preparation of Cryptocat native mobile apps, we have discovered that traditional 4096 bit Diffie-Hellman operations are too slow on mobile devices. This push of a new protocol version was made as a pre-emptive move towards the deployment of mobile apps for Cryptocat with key generation that is four times faster.

Our Elliptic Curve methodology is documented in the latest version of the Cryptocat protocol specification.

Cryptocat Chrome app users must update their version of Cryptocat immediately.

Cryptocat for Chrome: Connect to Custom Servers!

Wednesday, May 2nd, 2012

The latest version of the Cryptocat app for Google Chrome can now connect to custom Cryptocat servers across the web. Chrome app users are no longer limited to only connecting to the server at crypto.cat, but can also connect to their own third-party Cryptocat server installations.

Simply click on the new “Use Custom Server” motif:

…and type in your custom server.

This perk comes at a cost. Since Cryptocat now requires the ability to connect to any server you specify arbitrarily, the new Chrome app version will request the ability to connect to any website (previous versions requested only crypto.cat).

For more information on how to set up your own Cryptocat server, check out our Github README.

Usage Statistics: April 2012

Tuesday, May 1st, 2012

We’re reporting some impressive usage statistics for the month of April, which just ended. With Cryptocat apps for Firefox, Android and iOS coming up, these numbers are only bound to increase!

Cryptocat in the New York Times & RT

Friday, April 20th, 2012

The New York Times has published a wonderful interview with Cryptocat’s main developer:

“The whole point of Cryptocat is that you click a link and you’re chatting with someone over an encrypted chat room,” said Mr. Kobeissi, who was born in Lebanon and said he had lived through four wars. “That’s it. You’re done. It’s just as easy to use as Facebook chat, Google chat, anything.”

Cryptocat has also been the subject of an interview on RT’s news segment. A video is available:

The Cryptocat Project would like to sincerely thank both the New York Times and RT staff for their interest in our open software.

Cryptocat at the WSJ Data Transparency Weekend

Monday, April 16th, 2012

Cryptocat spent last weekend participating in the wonderful Wall Street Journal Data Transparency Weekend. Under the supervision of the wonderful WSJData staff, we were able to team up with Jacob Appelbaum, Arturo Filastò, Joseph Bonneau, the Guardian Project and other strongly talented individuals who contributed their code, feedback, and invaluable time on improving the Cryptocat software. Hot on the heels of Cryptocat being named an Official Honouree of the 16th Annual Webby Awards, we also received the following award for our work during the Data Transparency Weekend:

Outstanding Data Control Project

The Weekend saw many improvements and collaborations, namely:

  • The porting of Cryptocat to a native Android app using Phonegap, paving the way for native apps also on iOS and BlackBerry (thanks to the wonderful people at the Guardian Project.) Fun fact about the phone apps: they rely on motion sensing for entropy, so you may dance with your phone before the beginning of every chat to generate your keys! :-)
  • Working on establishing the very first mpOTR spec, thanks to the wonderful work of Arturo Filastò, Joseph Bonneau and a third awesomely talented anonymous individual.
  • An Elliptic Curve Diffie-Hellman and DSA implementation which will soon make its way to the Cryptocat production builds.
  • Desktop notifications which can be enabled in Google Chrome.
  • General security improvements including reliance on the internal CSPRNG used by Chrome and Safari, which eliminates the need for typing random keystrokes before starting a Cryptocat chat on these browsers.
  • A session of bug-hunting and repository reorganizing.

Finally, we’ve decided to re-release the Cryptocat code under the Affero General Public License (AGPL3), a free software license that will hopefully help Cryptocat repay the free software community for all its hard and passionate work. We encourage you to visit the Github repository for more details on how the project has evolved during the weekend. We are all still in New York City, enjoying the spring for one more week and attending the very exciting Whitney Museum Computer Security Teach-in organized by Laura Poitras and Jacob Appelbaum. See you there!

Introducing Integrity Checks for Primitives

Thursday, April 5th, 2012

The latest Cryptocat build includes integrity checks which verify that the cryptographic primitives (AES encryption/decryption, Whirlpool hashing, HMAC generation) work properly. The checks also run tests on the other, non-cryptographic libraries that Cryptocat uses, such as the big integer handling and Math() function customization libraries. The integrity checks work by running elaborate tests using these functions and comparing their results to pre-computed values.

Cryptocat runs the integrity checks unobtrusively before the user is allowed to join the chat session:

We hope that these integrity checks will mitigate the risk of Cryptocat functioning unexpectedly in substandard or outdated browsers.
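The checks described in this post follow the known-answer-test pattern: run each primitive on a fixed input, compare against a pre-computed result, and refuse to proceed on any mismatch. The following is an added example, not Cryptocat's own code; it assumes Node.js and its built-in crypto module, substitutes SHA-256 and HMAC-SHA-256 for Whirlpool, and all function names are hypothetical.

```javascript
const nodeCrypto = require('crypto');

// AES-128 on one raw 16-byte block (ECB, no padding), as the FIPS 197 vectors expect.
function aesBlock(keyHex, blockHex, decrypt) {
  const key = Buffer.from(keyHex, 'hex');
  const c = decrypt
    ? nodeCrypto.createDecipheriv('aes-128-ecb', key, null)
    : nodeCrypto.createCipheriv('aes-128-ecb', key, null);
  c.setAutoPadding(false);
  return Buffer.concat([c.update(Buffer.from(blockHex, 'hex')), c.final()]).toString('hex');
}

// Primitives under test (assumption: stand-ins for the app's bundled libraries).
const primitives = {
  hash: (msg) => nodeCrypto.createHash('sha256').update(msg).digest('hex'),
  hmac: (key, msg) => nodeCrypto.createHmac('sha256', key).update(msg).digest('hex'),
  aesEncrypt: (k, b) => aesBlock(k, b, false),
  aesDecrypt: (k, b) => aesBlock(k, b, true),
};

// Pre-computed answers taken from published test vectors.
const AES_KEY = '000102030405060708090a0b0c0d0e0f';
const AES_PT = '00112233445566778899aabbccddeeff';
const AES_CT = '69c4e0d86a7b0430d8cdb78070b4c55a';
const KNOWN_ANSWERS = [
  { name: 'SHA-256 "abc"', run: (p) => p.hash('abc'),
    expected: 'ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad' },
  { name: 'HMAC-SHA-256 RFC 4231 case 2',
    run: (p) => p.hmac('Jefe', 'what do ya want for nothing?'),
    expected: '5bdcc146bf60754e6a042426089575c75a003f089d2739839dec58b964ec3843' },
  { name: 'AES-128 encrypt FIPS 197 C.1',
    run: (p) => p.aesEncrypt(AES_KEY, AES_PT), expected: AES_CT },
  { name: 'AES-128 decrypt FIPS 197 C.1',
    run: (p) => p.aesDecrypt(AES_KEY, AES_CT), expected: AES_PT },
];

// Returns the names of failed tests; a primitive that throws counts as failed.
function runIntegrityChecks(p) {
  const failures = [];
  for (const t of KNOWN_ANSWERS) {
    let got;
    try { got = t.run(p); } catch (e) { got = null; }
    if (got !== t.expected) failures.push(t.name);
  }
  return failures;
}

// Fail closed: the user may join only if every check passed.
function mayJoinChat(p) {
  return runIntegrityChecks(p).length === 0;
}
```
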

Protocol Version 1.3 Released

Wednesday, April 4th, 2012

We’ve updated the Cryptocat protocol to version 1.3. Both the web and Chrome app versions have had their codebases updated to reflect the changes, so Chrome app users will need to update their Cryptocat app in order to be able to use the latest version of the protocol along with those accessing Cryptocat via the web version.

Version 1.3 of the Cryptocat protocol discards the use of SHA-256 and SHA-512, instead introducing Whirlpool as a single hashing algorithm across the entire protocol.

This change has been made mainly to avoid the usage of two different hash functions in the protocol, and also means that HMAC functions in the Cryptocat specification now use 512 bit hash functions (instead of 256 bit). We have chosen Whirlpool because of its 512 bit hash output size, its strong reputation, and because implementations of the function are relatively simple to understand. Furthermore, problems with SHA512 implementations in some modern browsers further influenced our decision to move to a new standard.

You may download the design specification for protocol 1.3 here. As always, feedback is welcome.

Emoticons

Tuesday, March 20th, 2012

We’ve added cute emoticons to Cryptocat! Here’s a screenshot:

In order to make the emoticons non-obtrusive, we’ve made them the same color as text, and made it so that if you copy a line into your clipboard, the emoticon is automatically copied in its text version. For example, the third line in the picture above would be copied as:

They’re really neat! :3 I wonder how many there are! :x

There are 13 emoticons in total. See if you can find them all!