Stop doing your own crypto
Posted Saturday, July 20 2013 by jonathan
TL;DR: The content of every "secure" message ever sent using CryptoCat has likely been decoded by the NSA, law enforcement, organized crime, and/or your parents.
Found this lovely disclosure via SANS...
Title: Cryptocat warns users of message compromise
Description: The popular encrypted IM system Cryptocat warned its users recently of a compromise in their encryption algorithm, and is telling them to treat all conversations between October 17, 2011 and June 15, 2013 as having been conducted in cleartext. The compromise stemmed not from tampering with the source or any centralized intrusion, but instead from bugs that left encryption keys small enough as to render them easily crackable. Patched versions are now available, and users are encouraged to update their software immediately.
Reference: http://tobtu.com/decryptocat.php
I've done a bit of work related to secure software over the years, and the most important thing I've learned is that the less you do yourself, the better. Even if you're using well-scrutinized implementations of widely understood algorithms, you are going to screw something up, and someone who thinks differently than you do will eventually find the hole. This isn't the first time it's happened to Cryptocat.
I don't want to just pick on them, though; this is not their fault alone. Encryption key generation and management is a very, very hard and counter-intuitive problem that has bitten operating systems, defense contractors, and computer security vendors themselves. It's a systems problem, not purely a mathematical one.
What's the lesson we should take away? If you really want to send a note securely use pencil, paper, and a one-time pad (hint: use the dice method).
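To make the pencil-and-paper advice concrete, here is an added example (mine, not from the post or from Cryptocat) of the dice method for building a one-time pad, plus the pad arithmetic itself. It goes one step beyond the hint: alongside the correct mapping from dice to letters it shows the tempting modulo shortcut, and an exhaustive audit of all 36 dice pairs that makes the resulting bias visible. That audit is the kind of check the post's "key generation is counter-intuitive" point calls for. The dice are simulated with Python's `secrets` module as a stand-in for physical dice; nothing here is specific to Cryptocat's code.

```python
import secrets
import string
from collections import Counter

ALPHABET = string.ascii_uppercase  # pad arithmetic is mod 26 over A..Z


def roll_dice(count):
    """Simulate `count` fair six-sided dice.

    Stand-in for physical dice: secrets.randbelow is a CSPRNG. Using a plain
    PRNG (random.randint) here would be exactly the "key too small to resist
    guessing" class of bug the advisory above describes.
    """
    return [secrets.randbelow(6) + 1 for _ in range(count)]


def dice_to_pad(rolls):
    """Map pairs of dice rolls to pad letters without bias.

    Two dice give 36 equally likely outcomes; outcomes 26..35 are thrown away
    (rejection sampling) so every letter keeps probability exactly 1/26.
    A trailing unpaired roll is ignored.
    """
    pad = []
    for i in range(0, len(rolls) - 1, 2):
        value = (rolls[i] - 1) * 6 + (rolls[i + 1] - 1)  # 0..35
        if value < 26:
            pad.append(ALPHABET[value])
    return "".join(pad)


def naive_dice_to_pad(rolls):
    """The tempting shortcut: fold 36 outcomes onto 26 letters with modulo.

    Outcomes 26..35 wrap onto A..J, so those ten letters are twice as likely
    as the rest. The pad still looks random, but its key space has shrunk.
    """
    pad = []
    for i in range(0, len(rolls) - 1, 2):
        value = (rolls[i] - 1) * 6 + (rolls[i + 1] - 1)
        pad.append(ALPHABET[value % 26])
    return "".join(pad)


def exhaustive_rolls():
    """Every ordered pair of dice faces, flattened: an audit input for mappers."""
    return [face for a in range(1, 7) for b in range(1, 7) for face in (a, b)]


def normalize(text):
    """Keep only letters, upper-cased, so the message fits the pad alphabet."""
    return "".join(c for c in text.upper() if c in ALPHABET)


def otp_encrypt(plaintext, pad):
    """Encrypt with a one-time pad; returns (ciphertext, unused_pad).

    The caller must destroy the consumed prefix. Refusing a short pad matters:
    wrapping around or reusing pad letters degrades the scheme to a
    Vigenere cipher, which is breakable with pencil and paper too.
    """
    msg = normalize(plaintext)
    if len(pad) < len(msg):
        raise ValueError("pad shorter than message: roll more dice, never reuse pad")
    cipher = "".join(
        ALPHABET[(ALPHABET.index(m) + ALPHABET.index(k)) % 26]
        for m, k in zip(msg, pad)
    )
    return cipher, pad[len(msg):]


def otp_decrypt(ciphertext, pad):
    """Reverse otp_encrypt; also returns the unused remainder of the pad."""
    if len(pad) < len(ciphertext):
        raise ValueError("pad shorter than ciphertext")
    plain = "".join(
        ALPHABET[(ALPHABET.index(c) - ALPHABET.index(k)) % 26]
        for c, k in zip(ciphertext, pad)
    )
    return plain, pad[len(ciphertext):]


if __name__ == "__main__":
    # Constructed demo: 120 rolls give about 43 pad letters (26 of every 36
    # pairs are accepted), plenty for a short note.
    pad = dice_to_pad(roll_dice(120))
    ct, rest = otp_encrypt("Meet at noon", pad)
    pt, _ = otp_decrypt(ct, pad)
    print(ct, pt, "unused pad letters:", len(rest))
    print("bias audit (naive):", Counter(naive_dice_to_pad(exhaustive_rolls())))
```

Running the audit on `exhaustive_rolls()` shows the difference: `dice_to_pad` yields each of the 26 letters exactly once, while `naive_dice_to_pad` yields A through J twice and the others once. With real dice the same check is a tally sheet; either way, verify the mapping before trusting the pad.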