Talk:Cryptocat

Dubious
I think the claim that the PRNG in cryptocat doesn't show any bias is dubious. The source referred to in the article is from the project website, so there's also a potential WP:COI here or at the very least WP:PRIMARY. Since this is a recurring problem in the article, i am also restoring the marker 'primary sources' which was removed without sufficient clearing up of primary sources (only a few external links were added without removing primary sources).

As for the PRNG, there are plenty of documented ways to properly test a PRNG (which is in this case, a CPRNG, which requires even more severe testing). See CPRNG, NIST's test suite, PRNG or Diehard_tests. Another example of proper entropy testing is this review of different TCP sequence numbers generators. For the "Dubious" claim to be removed, I consider the PRNG would need to be tested by a third party using one of the above methods. -- TheAnarcat (talk) 16:48, 29 July 2012 (UTC)

DecryptoCat
http://tobtu.com/decryptocat.php


 * The article currently states that "In June 2013, a tool called Decryptocat was announced" ... and then states that "The security problems highlighted in DecryptoCat have been resolved as of April 2013.". Either time travel is involved, or the two months are reversed, or ??? Twang (talk) 04:28, 15 July 2013 (UTC)
 * He pointed out the bugfix months after it happened. ♥GlamRock♥ 15:06, 10 September 2013 (UTC)

What happened to the In-The-Browser version of Cryptocat?
It seems that Cryptocat today only functions as a browser plugin. There was a version that simply ran within a vanilla browser. What happened to that, and why the change? I can't find any discussion anywhere, not even a change log. ~ Agvulpine (talk) 13:12, 1 December 2013 (UTC)

Recent contributions by User:1Secretlove1
The text above was added to the article by User:1Secretlove1. See the following Wikipedia policies: DUE, No original research and Sources. --Nullnullthree (talk) 12:27, 14 April 2014 (UTC)

Other software "failed to work"?
Last paragraph in History: "In June 2013, Cryptocat was used by journalist Glenn Greenwald while in Hong Kong to meet NSA whistleblower Edward Snowden for the first time, after other encryption software failed to work."

What is meant here by "failed to work" and which other encryption software? Almost sounds like a general bashing ("bashing" might be the wrong expression) of other encryption software. More realistically Greenwald probably couldn't get the others to work since they probably weren't as user friendly. I might be nitpicking but that's a completely different thing than "failed to work". Does anyone have access to the book and can clarify? Thanks.

- Erik.Bjareholt (talk) 23:38, 3 November 2015 (UTC)

Claims made in the encryption section
Regarding the following statement that was added to the article:
 * "Cryptocat messages obtain confidentiality, integrity, source authenticity, forward and future secrecy and indistinguishability even over a network controlled by an active attacker. In the event of a long-term identity key compromise, an attacker will be able to impersonate the victim's device identity in the future but cannot decrypt past messages."

I think we should refrain from making such claims unless they can be sourced with a technical review/audit of Cryptocat that has been made by a reliable third-party source after Cryptocat's re-release. Specifically one that has looked at Cryptocat's implementation of the protocol(s) that it uses. In the meantime, my suggestion is to use the following form:
 * "Cryptocat's goal is for its messages to obtain confidentiality, integrity, source authenticity, forward and future secrecy and indistinguishability even over a network controlled by an active attacker."

The suggestion above does not need a technical review/audit as a source, but does need a source (preferably one that can be classified as a secondary source). I would remove the second sentence because it's just a description of forward secrecy, and can be replaced by an internal link to that article in the first sentence (or earlier). --Dodi 8238 (talk) 16:25, 21 April 2016 (UTC) [edited 16:27, 21 April 2016 (UTC)]

Crypto cat no longer in beta, please update
I don't know what to call the version

"Out of Beta! Cryptocat is no longer beta software. Bugs will certainly still occur in the upcoming history of the project, but we are reasonably confident in the reliability of the current client. Thanks to everyone who contributed to our more than 150 reports with bugs, feedback and enhancements!" - https://crypto.cat/news.html — Preceding unsigned comment added by Mermaidthrone (talk • contribs) 07:47, 23 July 2016 (UTC)

External links modified
Hello fellow Wikipedians,

I have just modified 3 external links on Cryptocat. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:
 * Added archive https://web.archive.org/web/20141015215301/https://blog.crypto.cat/2014/04/recent-audits-and-coming-improvements/ to https://blog.crypto.cat/2014/04/recent-audits-and-coming-improvements/
 * Added archive https://web.archive.org/web/20141111151356/https://blog.crypto.cat/2014/05/cryptocat-now-with-encrypted-facebook-chat/ to https://blog.crypto.cat/2014/05/cryptocat-now-with-encrypted-facebook-chat/
 * Corrected formatting/usage for http://www.montrealgazette.com/technology/Free%2Bencryption%2Bsoftware%2BCryptocat%2Bprotects%2Bright%2Bprivacy%2Binventor/6166181/story.html

When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.

Cheers.— InternetArchiveBot  (Report bug) 02:31, 15 August 2017 (UTC)

Site no longer available
Site (crypto.cat) is no longer functional: domain is for sale, on the site stub is a link to wire dot com as a secure messenger. I suppose links on the page should be removed as well? Boyandin (talk) 10:27, 9 September 2019 (UTC)

status = defunct
A reader should know whether the software is still available or not, but the parameter "status" in the infobox is unknown for the parser. Who made this "improvement", and why was it accepted? 85.193.252.19 (talk) 21:53, 21 October 2021 (UTC)