Screenshot of Cryptocat 2.1.5
| Field | Value |
|---|---|
| Original author(s) | Nadim Kobeissi |
| Developer(s) | Cryptocat contributors |
| Initial release | 19 May 2011 |
| Stable release | 2.2.2 / June 12, 2014 |
| Available in | 28 languages |
| License | Affero General Public License |
Cryptocat is an open-source web and mobile application intended to allow encrypted online chatting. Cryptocat uses end-to-end encryption and encrypts chats on the client side, trusting the server only with data that is already encrypted. Cryptocat is offered as an app for Mac OS X, as a browser extension for Google Chrome, Mozilla Firefox, Apple Safari and Opera, and as a mobile app for iPhone.
Cryptocat is developed by the Cryptocat team and is published under the terms of the GPLv3 license.
Cryptocat was first launched on 19 May 2011.
In June 2012, Cryptocat developer Nadim Kobeissi said he was detained at the U.S. border by the DHS and questioned about Cryptocat's censorship resistance. He tweeted about the incident afterwards, resulting in media coverage and a spike in the popularity of the software.
In June 2013, security researcher Steve Thomas pointed out a security bug that could be used to decrypt any group chat message that had taken place using Cryptocat between September 2012 and April 19, 2013. Private messages were not affected, and the bug had been resolved a month prior. In response, Cryptocat issued a security advisory, requested that all users ensure that they had upgraded, and informed users that past group conversations may have been compromised.
In February 2014, an audit by iSec Partners criticized Cryptocat's authentication model as insufficient. In response, Cryptocat made improvements to user authentication, making it easier for users to authenticate and detect man-in-the-middle attacks.
Cryptocat allows its users to set up end-to-end encrypted chat environments via Google Chrome, Mozilla Firefox, Apple Safari, Opera or a native iOS application. Users can exchange one-to-one messages, group messages, files and photos.
Cryptocat may also be used in conjunction with Tor in order to anonymize the client's network traffic.
Since 2013, Cryptocat has offered the ability to connect to Facebook Messenger to initiate encrypted chatting with other Cryptocat users. According to the developers, the feature was meant to help offer an alternative to the regular Cryptocat chat model, which does not offer long-term contact lists.
Reception and usage
As of December 26, 2015, Cryptocat has a score of 7 out of 7 points on the Electronic Frontier Foundation's secure messaging scorecard. It has received points for having communications encrypted in transit, having communications encrypted with keys the provider does not have access to (end-to-end encryption), making it possible for users to independently verify their correspondents' identities, having past communications secure if the keys are stolen (forward secrecy), having its code open to independent review (open source), having its security designs well-documented, and having completed a recent independent security audit.
Cryptocat uses the Off-the-Record Messaging (OTR) protocol to encrypt one-to-one conversations. For group messaging, Cryptocat uses a group chat protocol built on Curve25519, AES-256, and HMAC-SHA512 as primitives. All messages sent in Cryptocat, including group chat messages and file transfers, are end-to-end encrypted. Cryptocat provides the cryptographic properties of confidentiality, integrity, authentication and forward secrecy for all conversations, and also provides deniability for file transfers and one-to-one chats.
Cryptocat also publishes its server configuration files and instructions for others to set up their own servers for the Cryptocat client to connect to.