Stop doing your own crypto

Posted Saturday, July 20 2013 by jonathan

TL;DR: The content of every "secure" message ever sent using CryptoCat has likely been decoded by the NSA, law enforcement, organized crime, and/or your parents.

Found this lovely disclosure via SANS...

Title: Cryptocat warns users of message compromise

Description: The popular encrypted IM system Cryptocat warned its users recently of a compromise in their encryption algorithm, and is telling them to treat all conversations between October 17, 2011 and June 15, 2013 as having been conducted in cleartext. The compromise stemmed not from tampering with the source or any centralized intrusion, but instead from bugs that left encryption keys small enough as to render them easily crackable. Patched versions are now available, and users are encouraged to update their software immediately.

Reference: http://tobtu.com/decryptocat.php

I've done a bit of work related to secure software over the years, and the most important thing I've learned is that the less you do yourself, the better. Even if you're using well-scrutinized implementations of widely understood algorithms, you are going to screw something up, and someone differently creative than you will eventually find a hole. This isn't the first time it's happened to Cryptocat.

I don't want to just pick on them, though; this is not their fault alone. Generating and managing encryption keys is a very, very hard and counter-intuitive problem that has bitten operating systems, defense contractors, and computer security vendors themselves. It's a systems problem, not purely a mathematical one.

What's the lesson we should take away? If you really want to send a note securely use pencil, paper, and a one-time pad (hint: use the dice method).
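To make the pencil-and-paper suggestion concrete, here is an added example (not code from the original post) of a letter-based one-time pad: the pad is built from pairs of six-sided dice rolls, encryption is addition mod 26, and decryption is subtraction. The dice-to-letter mapping is my own assumption about what "the dice method" looks like: two dice give 36 outcomes, 26 are kept and 10 are rejected, so every letter is equally likely (reducing 36 outcomes mod 26 would bias the pad toward A-J). `secrets` stands in for physical dice only so the block runs offline. The last function shows the one rule that matters most: if a pad is ever reused, the two ciphertexts subtract to the difference of the two plaintexts, so the pad contributes nothing.

```python
"""Paper one-time pad with a dice-generated key (added example, not from the post)."""
import secrets

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"


def roll_die():
    """One fair six-sided die roll (1..6). secrets stands in for physical dice here."""
    return secrets.randbelow(6) + 1


def dice_to_letter(first, second):
    """Map a pair of rolls to a uniform letter, or None when the pair must be rerolled.

    The 36 outcomes map to 0..35; values 26..35 are rejected (assumed construction)
    so that each of the 26 letters has probability exactly 1/26.
    """
    value = (first - 1) * 6 + (second - 1)
    return ALPHABET[value] if value < 26 else None


def make_pad(length, roll=roll_die):
    """Build a pad of `length` uniform letters, rerolling rejected pairs."""
    pad = []
    while len(pad) < length:
        letter = dice_to_letter(roll(), roll())
        if letter is not None:
            pad.append(letter)
    return "".join(pad)


def normalize(text):
    """Keep only A-Z; spaces and punctuation are dropped, as on paper."""
    return "".join(c for c in text.upper() if c in ALPHABET)


def encrypt(plaintext, pad):
    """Ciphertext letter = (message letter + pad letter) mod 26."""
    msg = normalize(plaintext)
    if len(pad) < len(msg):
        raise ValueError("pad must be at least as long as the message")
    return "".join(
        ALPHABET[(ALPHABET.index(m) + ALPHABET.index(k)) % 26] for m, k in zip(msg, pad)
    )


def decrypt(ciphertext, pad):
    """Message letter = (ciphertext letter - pad letter) mod 26."""
    if len(pad) < len(ciphertext):
        raise ValueError("pad must be at least as long as the ciphertext")
    return "".join(
        ALPHABET[(ALPHABET.index(c) - ALPHABET.index(k)) % 26] for c, k in zip(ciphertext, pad)
    )


def letter_difference(a, b):
    """Letter-wise (a - b) mod 26.

    If two messages are sent under the SAME pad, then
    letter_difference(c1, c2) == letter_difference(m1, m2): the pad cancels out and an
    observer is left with the relationship between the two plaintexts. This is why a
    pad sheet is destroyed after one use.
    """
    return "".join(
        ALPHABET[(ALPHABET.index(x) - ALPHABET.index(y)) % 26] for x, y in zip(a, b)
    )


if __name__ == "__main__":
    message = "meet at dawn"
    pad = make_pad(len(normalize(message)))      # one fresh pad per message
    ct = encrypt(message, pad)
    print("pad       :", pad)
    print("ciphertext:", ct)
    print("decrypted :", decrypt(ct, pad))
```

On paper the same arithmetic is done with a letter-to-number table; the only properties that make it unbreakable are the ones the code enforces: the pad is as long as the message, every pad letter is uniformly random, and the pad is never used twice.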

Your Thoughts?