“For Cryptocat versions before 2.0.42, doing a split of 2*10^9 and 10^7 it takes about a day to calculate data needed to crack any key in few minutes. “Decryptocat takes advantage of a meet-in-the-middle attack called baby-step giant-step you can effectively square root the key space. He added that changes made to the keyspace in Cryptcocat version 2.0.42 raises that timeframe to 1,000 computer years of calculations. Using a meet-in-the-middle attack, which reduces the number of brute force attempts needed to crack a target, Thomas said his tool can crack a key in less than two hours of computing time. Thomas disagrees and says the bug has been present since October 2011, and wrote an app called DecryptoCat that cracks the ECC public keys generated by Cryptocat between versions 1.1.147 and 2.0.41. “Group conversations that were had during those seven months were likely vulnerable to being significantly easier to crack,” Cryptocat said on its development blog. Cryptocat, meanwhile, says the vulnerability was present between versions 2.0 and 2.0.42-a seven-month timeframe-and urges users to update the app to the 2.1 branch. Worse, says researcher Steve Thomas who found the flaw, is that it likely was present in the code base going back to 2011.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |