
“For Cryptocat versions before 2.0.42, doing a split of 2*10^9 and 10^7, it takes about a day to calculate data needed to crack any key in a few minutes.” “Decryptocat takes advantage of a meet-in-the-middle attack called baby-step giant-step; you can effectively square root the key space.” He added that changes made to the keyspace in Cryptocat version 2.0.42 raise that timeframe to 1,000 computer years of calculations. Using a meet-in-the-middle attack, which reduces the number of brute force attempts needed to crack a target, Thomas said his tool can crack a key in less than two hours of computing time. Thomas disagrees and says the bug has been present since October 2011, and wrote an app called DecryptoCat that cracks the ECC public keys generated by Cryptocat between versions 1.1.147 and 2.0.41. “Group conversations that were had during those seven months were likely vulnerable to being significantly easier to crack,” Cryptocat said on its development blog.
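The table-versus-search "split" Thomas describes, shown as an added example (not code from DecryptoCat or Cryptocat): baby-step giant-step in a small constructed multiplicative group instead of Cryptocat's elliptic curve, with the made-up parameters P, G, BABY and GIANT as assumptions. The baby table is built once, every key whose exponent is below BABY * GIANT then costs at most GIANT lookups, and an exponent drawn from the full group range falls outside the search.

```python
# Added illustration: baby-step giant-step (BSGS) with an uneven split.
# All parameters are constructed toy values, not Cryptocat's curve or key sizes.
P = 2**31 - 1          # toy prime modulus (assumption)
G = 7                  # primitive root modulo P
BABY = 20_000          # size of the one-time precomputed table
GIANT = 50             # maximum lookups per key; covers exponents < BABY * GIANT


def build_baby_table(baby):
    """One-time work, reusable for every key: map G^j mod P -> j, 0 <= j < baby."""
    table, value = {}, 1
    for j in range(baby):
        table.setdefault(value, j)
        value = value * G % P
    return table


def recover_exponent(public, table, baby, giant):
    """Search for x < baby * giant with G^x == public (mod P).

    Returns (x, lookups); x is None when the exponent lies outside the bound.
    """
    stride = pow(G, -baby, P)          # G^(-baby) mod P, needs Python 3.8+
    gamma = public
    for i in range(giant):
        j = table.get(gamma)
        if j is not None:
            return i * baby + j, i + 1
        gamma = gamma * stride % P     # peel another `baby` off the exponent
    return None, giant


if __name__ == "__main__":
    table = build_baby_table(BABY)
    # Constructed sample exponents: two inside the reduced bound, one outside it.
    for secret in (123_456, 987_654, 1_500_000_000):
        found, lookups = recover_exponent(pow(G, secret, P), table, BABY, GIANT)
        print(f"secret={secret:>13,} recovered={found} lookups={lookups}")
    print(f"bounded keyspace {BABY * GIANT:,} vs. work {BABY:,} + {GIANT}")
```

The defensive reading is that the cost of recovering a key tracks the square root of the range the private value is actually drawn from, not the nominal size of the group.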
Cryptocat, meanwhile, says the vulnerability was present between versions 2.0 and 2.0.42, a seven-month timeframe, and urges users to update the app to the 2.1 branch. Worse, says researcher Steve Thomas, who found the flaw, is that it likely was present in the code base going back to 2011. Cryptocat, an open source encrypted Web-based chat application, is taking heat from numerous places after a vulnerability was discovered that put chats at risk for relatively simple decryption, experts say.
