Cryptocat

From Wikipedia, the free encyclopedia
[Image: Cryptocat chat interface, screenshot of Cryptocat 2.1.5]
Original author(s): Nadim Kobeissi
Developer(s): Cryptocat contributors [1]
Initial release: 19 May 2011
Stable release: 2.2.2 (June 12, 2014)
Written in: JavaScript, Objective-C
Operating system: Cross-platform
Available in: 28 languages
Type: Secure communication
License: Affero General Public License
Website: crypto.cat

Cryptocat is an open source web and mobile application intended to allow encrypted online chatting.[2][3] Cryptocat uses end-to-end encryption and encrypts chats on the client side, only trusting the server with data that is already encrypted. Cryptocat is offered as an app for Mac OS X, as a browser extension for Google Chrome,[4] Mozilla Firefox, Apple Safari and Opera, and as a mobile app for iPhone.

Cryptocat is developed by the Cryptocat team and is published under the terms of the GPLv3 license.

History

Cryptocat was first launched on 19 May 2011.

In June 2012, Cryptocat developer Nadim Kobeissi said he was detained at the U.S. border by the DHS and questioned about Cryptocat's censorship resistance. He tweeted about the incident afterwards, resulting in media coverage and a spike in the popularity of the software.[5][6]

In June 2013, security researcher Steve Thomas pointed out a security bug that could be used to decrypt any group chat message that had taken place using Cryptocat between September 2012 and April 19, 2013.[7][8] Private messages were not affected, and the bug had been resolved a month prior. In response, Cryptocat issued a security advisory, requested that all users ensure that they had upgraded, and informed users that past group conversations may have been compromised.[8]

In February 2014, an audit by iSec Partners criticized Cryptocat's authentication model as insufficient.[9] In response, Cryptocat made improvements to user authentication, making it easier for users to authenticate and detect man-in-the-middle attacks.[10]

Features

Cryptocat allows its users to set up end-to-end encrypted chat environments via Google Chrome,[4] Mozilla Firefox, Apple Safari, Opera or a native iOS application. Users can exchange one-to-one messages, group messages, files and photos.

Cryptocat may also be used in conjunction with Tor in order to anonymize the client's network traffic.

Since 2013, Cryptocat has offered the ability to connect to Facebook Messenger to initiate encrypted chatting with other Cryptocat users.[11] According to the developers, the feature was meant to help offer an alternative to the regular Cryptocat chat model which does not offer long-term contact lists.[12]

Reception and usage

In June 2013, Cryptocat was used by journalist Glenn Greenwald while in Hong Kong to meet NSA whistleblower Edward Snowden for the first time, after other encryption software failed to work.[13]

In November 2013, Cryptocat was banned in Iran, shortly after the election of Iran's new president, Hassan Rouhani, who had promised more open Internet laws.[14]

As of December 26, 2015, Cryptocat has a score of 7 out of 7 points on the Electronic Frontier Foundation's secure messaging scorecard. It has received points for having communications encrypted in transit, having communications encrypted with keys the provider does not have access to (end-to-end encryption), making it possible for users to independently verify their correspondents' identities, having past communications secure if the keys are stolen (forward secrecy), having its code open to independent review (open source), having its security designs well-documented, and having completed a recent independent security audit.[15]

Architecture

Encryption

Cryptocat uses the Off-the-Record Messaging (OTR) protocol for the encryption of one-to-one conversations. For group messaging, Cryptocat uses a group chat protocol which uses Curve25519, AES-256, and HMAC-SHA512 as primitives. All messages sent in Cryptocat, including group chat messages and file transfers, are end-to-end encrypted. Cryptocat provides cryptographic properties of confidentiality, integrity, authentication and forward secrecy for all conversations, and also provides deniability for file transfers and one-to-one chats.

Network

Cryptocat's network relies on an XMPP BOSH configuration. According to the project's privacy policy, Cryptocat's network only relays encrypted messages and does not store any data.[16] The project uses ejabberd and nginx to provide the XMPP-BOSH relay. In addition to the Cryptocat client's end-to-end encryption protocols, client-server communication is protected by TLS/SSL.

Cryptocat also publishes its server configuration files and instructions for others to set up their own servers for the Cryptocat client to connect to.[17]

In 2013, Cryptocat's network migrated to Bahnhof, a Swedish webhost housed in a mountainous Cold War nuclear bunker which has also hosted WikiLeaks and The Pirate Bay.[18]

References

  1. Cryptocat. "Cryptocat CONTRIBUTING.md". Retrieved 2014-06-22.
  2. Dachis, Adam (9 August 2011). "Cryptocat Creates an Encrypted, Disposable Chatroom on Any Computer with a Web Browser". Lifehacker. Retrieved 8 April 2012.
  3. Giovannetti, Justin (4 February 2012). "Encrypted messages: chatting safely with Cryptocat". OpenFile. Retrieved 8 April 2012.
  4. "Cryptocat on the Chrome Web Store". Chrome.google.com. Retrieved 2012-07-28.
  5. Jon Matonis (2012-04-18). "Detaining Developer At US Border Increases Cryptocat Popularity". Forbes. Retrieved 2012-07-28.
  6. "Developer's detention spikes interest in Montreal's Cryptocat". Itbusiness.ca. 2012-06-08. Retrieved 2012-07-28.
  7. Steve Thomas. "DecryptoCat". Retrieved 2013-07-10.
  8. Cryptocat Development Blog. "New Critical Vulnerability in Cryptocat: Details". Retrieved 2013-07-07.
  9. https://isecpartners.github.io/publications/iSEC_Cryptocat_iOS.pdf
  10. Cryptocat. "Recent Audits and Coming Improvements". Retrieved 2014-06-22.
  11. Norton, Quinn (12 May 2014). "Cryptocat Creates an Encrypted, Disposable Chatroom on Any Computer with a Web Browser". The Daily Beast. Retrieved 22 June 2014.
  12. Cryptocat. "Cryptocat, Now with Encrypted Facebook Chat". Retrieved 2014-06-22.
  13. Greenwald, Glenn (May 13, 2014). No Place to Hide: Edward Snowden, the NSA, and the U.S. Surveillance State. Metropolitan Books. p. 59. ISBN 978-1627790734. Retrieved 22 June 2014.
  14. Franceschi-Bicchierai, Lorenzo (21 November 2013). "Iran Blocks Encrypted Chat Service Despite Claims of Internet Freedom". Mashable. Retrieved 22 June 2014.
  15. "Secure Messaging Scorecard. Which apps and tools actually keep your messages safe?". Electronic Frontier Foundation. 4 November 2014. Retrieved 26 December 2015.
  16. Cryptocat. "Cryptocat Privacy Policy". Retrieved 2014-06-22.
  17. Cryptocat. "Server Deployment Instructions". Retrieved 2014-06-22.
  18. Nadim Kobeissi. "Cryptocat Network Now in Swedish Nuclear Bunker". Retrieved 2013-02-09.