Cryptocat

{{Infobox software

| logo = Cryptocat logo new.svg

| logo size = 128px

| screenshot = Cryptocat 3.1.24 on Windows 10.png

| caption = Cryptocat 3.1.24 running on Windows 10.

| author = Nadim Kobeissi

| developer = Nadim Kobeissi and contributors

| released = {{start date|2011|5|19|df=yes}}

| latest release version = {{wikidata|property|edit|reference|P348}}

| latest release date = {{start date and age|{{wikidata|qualifier|P348|P577}}}}

|discontinued=yes

| programming language = JavaScript

| operating system = Cross-platform

| language = English, Catalan, French

| language count = 3

| genre = Secure communication

| license = GNU General Public License

| status =

}}

Cryptocat is a discontinued open-source desktop application intended to allow encrypted online chatting available for Windows, OS X, and Linux.{{Cite web|url=https://crypto.cat/index.html|title=Cryptocat|website=crypto.cat|access-date=2016-03-29|archive-date=18 July 2016|archive-url=https://web.archive.org/web/20160718165716/https://crypto.cat/index.html|url-status=live}} It uses end-to-end encryption to secure all communications to other Cryptocat users. Users are given the option of independently verifying their buddies' device lists and are notified when a buddy's device list is modified and all updates are verified through the built-in update downloader.

Cryptocat was created by Nadim Kobeissi and further developed along with a community of open source contributors and is published under the terms of the GPLv3 license, although it has since been discontinued.

History

Cryptocat was first launched on 19 May 2011 as a web application.

In June 2012, Kobeissi said he was detained at the U.S. border by the DHS and questioned about Cryptocat's censorship resistance. He tweeted about the incident afterwards, resulting in media coverage and a spike in the popularity of the software.{{cite web |url=http://www.itbusiness.ca/it/client/en/home/News.asp?id=67866 |title=Developer's detention spikes interest in Montreal's Cryptocat |work=IT Business |publisher=Itbusiness.ca |date=2012-06-08 |accessdate=2012-07-28 |archive-date=29 January 2013 |archive-url=https://web.archive.org/web/20130129051239/http://www.itbusiness.ca/it/client/en/home/News.asp?id=67866 |url-status=live }}

In June 2013, security researcher Steve Thomas pointed out a security bug that could be used to decrypt any group chat message that had taken place using Cryptocat between September 2012 and 19 April 2013.{{cite web |author=Steve Thomas |url=http://tobtu.com/decryptocat.php |title=DecryptoCat |accessdate=2013-07-10 |archive-date=26 July 2015 |archive-url=https://web.archive.org/web/20150726102911/http://tobtu.com/decryptocat.php |url-status=live }}{{cite web |author=Cryptocat Development Blog |url=https://blog.crypto.cat/2013/07/new-critical-vulnerability-in-cryptocat-details/ |title=New Critical Vulnerability in Cryptocat: Details |accessdate=2013-07-07 |archive-url=https://web.archive.org/web/20130705051050/https://blog.crypto.cat/2013/07/new-critical-vulnerability-in-cryptocat-details/ |archive-date=2013-07-05 |url-status=dead }} Private messages were not affected, and the bug had been resolved a month before. In response, Cryptocat issued a security advisory, requested that all users ensure that they had upgraded, and informed users that past group conversations may have been compromised.

In February 2014, an audit by iSec Partners criticized Cryptocat's authentication model as insufficient.https://isecpartners.github.io/publications/iSEC_Cryptocat_iOS.pdf {{Webarchive|url=https://web.archive.org/web/20201112023318/http://isecpartners.github.io/publications/iSEC_Cryptocat_iOS.pdf |date=12 November 2020 }} {{Bare URL PDF|date=March 2022}} In response, Cryptocat made improvements to user authentication, making it easier for users to authenticate and detect man-in-the-middle attacks.{{cite web |author=Cryptocat |url=https://blog.crypto.cat/2014/04/recent-audits-and-coming-improvements/ |title=Recent Audits and Coming Improvements |accessdate=2014-06-22 |url-status=dead |archive-url=https://web.archive.org/web/20141015215301/https://blog.crypto.cat/2014/04/recent-audits-and-coming-improvements/ |archive-date=2014-10-15 }}

In February 2016, citing dissatisfaction with the project's current state after 19 months of non-maintenance, Kobeissi announced that he would be taking Cryptocat temporarily offline and discontinuing the development of its mobile application, pending a complete rewrite and relaunch of the software.{{cite web|last1=Paletta|first1=Damian|title=How the U.S. Fights Encryption—and Also Helps Develop It|url=https://www.wsj.com/articles/how-the-u-s-fights-encryptionand-also-helps-develop-it-1456109096|website=The Wall Street Journal|publisher=News Corp|date=22 February 2016|accessdate=24 February 2016|archive-date=19 June 2018|archive-url=https://web.archive.org/web/20180619214131/https://www.wsj.com/articles/how-the-u-s-fights-encryptionand-also-helps-develop-it-1456109096|url-status=live}} In March 2016 Kobeissi announced the re-release of Cryptocat, rewritten completely as desktop software instead of the original web application software, as a public beta and the resumption of the service.{{Cite web|url=https://crypto.cat/news.html#3.0.16|title=Cryptocat Release Announcement|website=crypto.cat|access-date=2016-04-22|archive-url=https://web.archive.org/web/20161222082400/https://crypto.cat/news.html#3.0.16|archive-date=2016-12-22|url-status=dead}} The new desktop-centric approach allowed Cryptocat to benefit from stronger desktop integration, in a style similar to Pidgin.

In February 2019, it was announced that Cryptocat would be discontinued.{{Cite web |url=https://twitter.com/cryptocatapp/status/1092712064634753024 |title=We are discontinuing the Cryptocat service starting tomorrow. The software is no longer maintained. |last=Cryptocat |date=2019-02-05 |website=@cryptocatapp |language=en |access-date=2019-02-05 |archive-date=12 December 2021 |archive-url=https://web.archive.org/web/20211212092411/https://twitter.com/cryptocatapp/status/1092712064634753024 |url-status=live }} As of December 2019, the cryptocat domain is for sale and links to the site for the Wire messenger.{{Cite web|url=https://crypto.cat/|archive-url=https://web.archive.org/web/20191107024637/https://crypto.cat/|url-status=dead|archive-date=2019-11-07|title=crypto.cat|date=2019-11-07|access-date=2019-12-05}}

Features

Cryptocat allows its users to set up end-to-end encrypted chat conversations. Users can exchange one-to-one messages, encrypted files, photos as well as create and share audio/video recordings. All devices linked to Cryptocat accounts will receive forward secure messages, even when offline.

All messages, files and audio/video recordings sent over Cryptocat are end-to-end encrypted. Cryptocat users link their devices to their Cryptocat account upon connection, and can identify each other's devices via the client's device manager in order to prevent man-in-the-middle attacks. Cryptocat also employs a Trust on first use mechanism in order to help detect device identity key changes.

Cryptocat also includes a built-in auto-update mechanism that automatically performs a signature check on downloaded updates in order to verify authenticity, and employs TLS certificate pinning in order to prevent network impersonation attacks.

Originally in 2013, Cryptocat offered the ability to connect to Facebook Messenger to initiate encrypted chatting with other Cryptocat users.{{cite news | first=Quinn | last=Norton | title=Cryptocat Creates an Encrypted, Disposable Chatroom on Any Computer with a Web Browser | url=http://www.thedailybeast.com/articles/2014/05/12/crypto-for-the-masses-here-s-how-you-can-resist-the-nsa.html | newspaper=The Daily Beast | date=12 May 2014 | accessdate=22 June 2014 | archive-date=19 June 2014 | archive-url=https://web.archive.org/web/20140619065831/http://www.thedailybeast.com/articles/2014/05/12/crypto-for-the-masses-here-s-how-you-can-resist-the-nsa.html | url-status=live }} According to the developers, the feature was meant to help offer an alternative to the regular Cryptocat chat model which did not offer long-term contact lists.{{cite web |author=Cryptocat |url=https://blog.crypto.cat/2014/05/cryptocat-now-with-encrypted-facebook-chat/ |title=Cryptocat, Now with Encrypted Facebook Chat |accessdate=2014-06-22 |url-status=dead |archive-url=https://web.archive.org/web/20141111151356/https://blog.crypto.cat/2014/05/cryptocat-now-with-encrypted-facebook-chat/ |archive-date=2014-11-11 }} This feature was disconnected in November 2015.

Reception and usage

In June 2013, Cryptocat was used by journalist Glenn Greenwald while in Hong Kong to meet NSA whistleblower Edward Snowden for the first time, after other encryption software failed to work.{{cite book |last=Greenwald |first=Glenn |author-link=Glenn Greenwald |date=13 May 2014 |title=No Place to Hide: Edward Snowden, the NSA, and the U.S. Surveillance State |url=https://archive.org/details/isbn_9781627790734/page/59 |publisher=Metropolitan Books |page=[https://archive.org/details/isbn_9781627790734/page/59 59] |isbn=978-1627790734 |accessdate=22 June 2014 |url-access=registration }}

In November 2013, Cryptocat was banned in Iran, shortly after the election of Iran's new president Hassan Rouhani who had promised more open Internet laws.{{cite news | first=Lorenzo | last=Franceschi-Bicchierai | title=Iran Blocks Encrypted Chat Service Despite Claims of Internet Freedom | url=http://mashable.com/2013/11/21/iran-blocks-cryptocat/ | newspaper=Mashable | date=21 November 2013 | accessdate=22 June 2014 | archive-date=22 June 2014 | archive-url=https://web.archive.org/web/20140622151345/http://mashable.com/2013/11/21/iran-blocks-cryptocat/ | url-status=live }}

Cryptocat was listed on the Electronic Frontier Foundation's "Secure Messaging Scorecard" from 4 November 2014 until 13 March 2016. During that time, Cryptocat had a score of 7 out of 7 points on the scorecard. It had received points for having communications encrypted in transit, having communications encrypted with keys the provider did not have access to (end-to-end encryption), making it possible for users to independently verify their correspondent's identities, having past communications secure if the keys were stolen (forward secrecy), having its code open to independent review (open-source), having its security designs well-documented, and having completed an independent security audit.{{cite web | url = https://www.eff.org/secure-messaging-scorecard | publisher = Electronic Frontier Foundation | title = Secure Messaging Scorecard. Which apps and tools actually keep your messages safe? | date = 4 November 2014 | accessdate = 21 April 2016 | archive-url = https://web.archive.org/web/20161115054343/https://www.eff.org/secure-messaging-scorecard | archive-date = 15 November 2016 | url-status = dead }}

Architecture

=Encryption=

Cryptocat uses a Double Ratchet Algorithm in order to obtain forward and future secrecy across messages, after a session is established using a four-way Elliptic-curve Diffie–Hellman handshake. The handshake mixes in long-term identity keys, an intermediate-term signed pre-key, and a one-time use pre-key.{{Cite web|url=https://github.com/cryptocat/cryptocat/blob/master/src/js/axolotl.js|title=Cryptocat Axolotl Implementation|website=github.com|access-date=2016-04-22}}{{Dead link|date=July 2019 |bot=InternetArchiveBot |fix-attempted=yes }} The approach is similar to the encryption protocol adopted for encrypted messaging by the Signal mobile application. Cryptocat's goal is for its messages to obtain confidentiality, integrity, source authenticity, forward and future secrecy and indistinguishability even over a network controlled by an active attacker.{{Cite web|url=https://crypto.cat/security.html|title=Cryptocat - Security|website=crypto.cat|access-date=2016-03-29|archive-url=https://web.archive.org/web/20160407125207/https://crypto.cat/security.html|archive-date=2016-04-07|url-status=dead}} The forward secrecy features of the protocol that Cryptocat uses are similar to those first introduced by Off-the-Record Messaging.

Cryptocat uses the Advanced Encryption Standard in Galois/Counter Mode for authenticated encryption, Curve25519 for Elliptic curve Diffie-Hellman shared secret agreement, HMAC-SHA256 for key derivation and Ed25519 for signing.{{Cite web|url=https://github.com/cryptocat/cryptocat/blob/master/src/js/pscl.js|title=Cryptocat Cryptographic Primitives|website=github.com|access-date=2016-04-22}}{{Dead link|date=July 2019 |bot=InternetArchiveBot |fix-attempted=yes }} In order to limit the effect of a long-term identity key compromise, long-term keys are used exclusively once for the initial Authenticated Key Exchange, and once for signing a newly generated intermediate-term signed pre-key.

For the transport layer, Cryptocat adopts the OMEMO Multi-End Message and Object Encryption standard, which also gives Cryptocat multi-device support and allows for offline messaging.

=Network=

Cryptocat's network relies on a XMPP configuration served over WebSockets. According to the project's mission statement, Cryptocat's network only relays encrypted messages and does not store any data.{{cite web |author=Cryptocat |url=https://crypto.cat/mission.html |title=Cryptocat Mission Statement |accessdate=2016-04-22 |archive-url=https://web.archive.org/web/20160407125229/https://crypto.cat/mission.html |archive-date=7 April 2016 |url-status=dead }} In addition to the Cryptocat client's end-to-end encryption protocol, client-server communication is protected by TLS.

==Distribution==

From March 2011 until March 2016, Cryptocat was officially distributed through the Google Chrome Web Store, the Apple App Store and other official channels controlled by targeted platforms. After Cryptocat's re-write into desktop software in March 2016, the software became distributed exclusively through Cryptocat's own servers, which also handle signed update delivery.{{cite web |author=Cryptocat |url=https://download.crypto.cat/ |title=Cryptocat Download Server |accessdate=2016-04-22 |archive-url=https://web.archive.org/web/20190118062652/https://download.crypto.cat/ |archive-date=18 January 2019 |url-status=dead }}