0
Technical Challenges in Implementing
Cryptography for Accessible Mediums
Nadim Kobeissi

Application Security Forum 2013 —...
Thanks, J.P.!
Aumasson? More like
AWESOMEASSON.
...also Mr. Sylvain Maret
and other AppSec
organizers :3

2
Encryption tools
We can be optimistic about:
- Research.
- Availability.
- Variety.

3
But what about...
- Accessibility?
- Usability?

4
Cryptocat’s goal
Web chat client that’s just
as fun, easy, accessible as
Facebook chat.
But with strong, reliable,
useful,...
How does it work?
Download a browser app...
...install it and join a chat!
And that’s it.

6
Usability matters
A colorful, familiar,
appealing interface...
...accessibility features,
audio and visual
notifications.....
Challenges in making
crypto accessible
- Code delivery,
- PRNG,
- Implementation,
- ...and more.

8
General browser issues

(not Cryptocat-specific)
- PRNG (now fixed.)
- Code delivery (now fixed.)
- Shaky sandboxing
(prob...
Code delivery (2011)
- Reported by: the entire Internet (probably
Jacob Appelbaum deserves more credit.)

- Cryptocat was ...
Code delivery (2011)
- Cryptocat now signed
browser extension only
(since August 2012.)
Chrome, Firefox, Safari
(soon Oper...
AES-CTR nonce reuse (Nov. 2012)

- Reported by: Daniel Faucon (now a Cryptocat
developer.)

- Parties use shared secret
ke...
AES-CTR nonce reuse (Nov. 2012)

13
AES-CTR nonce reuse (Nov. 2012)

- Fixed by generating
random nonces.
- Cryptocat client stores
each nonce, discards
messa...
Code execution via
nickname (Nov. 2012)

- Reported by Mario Heiderich & team (as part
of a paid audit.)

- With Cryptocat...
Code execution via
nickname (Nov. 2012)
- Chrome now has
impressive security
restrictions for browser
apps/extensions.
- S...
PRNG Bug (July 2013)
- Reported by: Steve Thomas, further
researched and documented by Paul Ducklin of
Sophos Security.

-...
PRNG Bug (July 2013)

Credit for graphics: Paul Ducklin, Sophos Security (thanks!)
18
Wrong data typing
bug (July 2013)

- Reported by Steve Thomas (published as “Decryptocat”)

- Disastrous bug, reputation o...
Wrong data typing
bug (July 2013)

- This bug was missed by two audits by leading code
security and auditing firms.
- Poss...
It’s not all bad
- These bugs happen in any
good encryption project,
early in its life.
- We got some good
feedback and de...
Tips for disclosure
- Be honest and
transparent.
- Take full responsibility.
- Fix quickly.
- Be truly open source.
- Enco...
Tips in general
- Be honest and
transparent.
- Be truly open source.
- Be inclusive but keep
angry people away.
- Be clear...
24
Is it worth it?
We started in 2011: State
of browser crypto almost
non-existent.

Is it worth it? Are there any
real acces...
So much progress!
Teachers, counsellors,
Journalists,

Friends and family,
Businesspeople,

...have found a use for
access...
Big achievements
- Success story in making
crypto usable!
- Great study of group chat
encryption.
- OTR in the browser.
- ...
Overall positive
outlook

- More scrutiny than other
projects = faster security
improvements than other
projects
- Third a...
Yes, you can use
Cryptocat!

- Obviously not as a
replacement for PGP or
something.
- But instead of Facebook
chat or Skyp...
People today

FACEPALM

“Let’s solve a global
surveillance apparatus built
thanks to strong shared
realist foreign policy
...
Localization matters
Over 35 languages covered.
Cryptocat automatically
detects browser language,
configures accordingly.
...
Get involved!
Website: www.crypto.cat
Twitter: @cryptocatapp
IRC: #cryptocat, irc.oftc.net
My email: nadim@crypto.cat

32
Upcoming SlideShare
Loading in...5
×

ASFWS 2013 - Cryptocat: récents défis en faisant la cryptographie plus facile à utiliser par Kobeissi Nadim

357

Published on

La mission de Cryptocat pour faire les conversations cryptées accessible aux masses a été couronnée de succès – mais quels sont les dangers cryptographiques et les limitations techniques?

Avec plus que 65,000 utilisateurs réguliers, Cryptocat a réussi à rendre le chat crypté accessible à toute personne qui sait comment utiliser Facebook Chat ou Skype. Mais avec l’accessibilité, nous avons rencontré de nombreux problèmes de sécurité que nous avons besoin de répondre. Cette conférence traite de ces défis et pourquoi la poursuite des travaux sur Cryptocat est nécessaire, compte tenu d’eux.

Published in: Technology, Education
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
357
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
5
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Transcript of "ASFWS 2013 - Cryptocat: récents défis en faisant la cryptographie plus facile à utiliser par Kobeissi Nadim"

  1. 1. Technical Challenges in Implementing Cryptography for Accessible Mediums Nadim Kobeissi Application Security Forum 2013 — Yverdon, Switzerland 1
  2. 2. Thanks, J.P.! Aumasson? More like AWESOMEASSON. ...also Mr. Sylvain Maret and other AppSec organizers :3 2
  3. 3. Encryption tools We can be optimistic about: - Research. - Availability. - Variety. 3
  4. 4. But what about... - Accessibility? - Usability? 4
  5. 5. Cryptocat’s goal Web chat client that’s just as fun, easy, accessible as Facebook chat. But with strong, reliable, useful, open source encryption. 5
  6. 6. How does it work? Download a browser app... ...install it and join a chat! And that’s it. 6
  7. 7. Usability matters A colorful, familiar, appealing interface... ...accessibility features, audio and visual notifications... ..and more. 7
  8. 8. Challenges in making crypto accessible - Code delivery, - PRNG, - Implementation, - ...and more. 8
  9. 9. General browser issues (not Cryptocat-specific) - PRNG (now fixed.) - Code delivery (now fixed.) - Shaky sandboxing (probably good in Chrome.) - Bigger attack surface. - More research needed. 9
  10. 10. Code delivery (2011) - Reported by: the entire Internet (probably Jacob Appelbaum deserves more credit.) - Cryptocat was a website, not a browser extension. - Code was sent from scratch for every use. - MITM, malicious server potential. 10
  11. 11. Code delivery (2011) - Cryptocat now signed browser extension only (since August 2012.) Chrome, Firefox, Safari (soon Opera.) 11
  12. 12. AES-CTR nonce reuse (Nov. 2012) - Reported by: Daniel Faucon (now a Cryptocat developer.) - Parties use shared secret key, and... - Nonce for both conversation parties started at 0 and incremented for each message. 12
  13. 13. AES-CTR nonce reuse (Nov. 2012) 13
  14. 14. AES-CTR nonce reuse (Nov. 2012) - Fixed by generating random nonces. - Cryptocat client stores each nonce, discards messages with repeat nonces and warns user. 14
  15. 15. Code execution via nickname (Nov. 2012) - Reported by Mario Heiderich & team (as part of a paid audit.) - With Cryptocat, now you can have XSS bugs in your crypto! - Important lesson: always watch out for the weakest link in a crypto app (might be the UI code.) 15
  16. 16. Code execution via nickname (Nov. 2012) - Chrome now has impressive security restrictions for browser apps/extensions. - Severely limits code injection/XSS attack surface. 16
  17. 17. PRNG Bug (July 2013) - Reported by: Steve Thomas, further researched and documented by Paul Ducklin of Sophos Security. - Shows how a tiny typo can have a big effect. - Strong CSPRNG (Salsa20) with strong seed! - But when converting output to decimals, mistake produced bias towards 0. 17
  18. 18. PRNG Bug (July 2013) Credit for graphics: Paul Ducklin, Sophos Security (thanks!) 18
  19. 19. Wrong data typing bug (July 2013) - Reported by Steve Thomas (published as “Decryptocat”) - Disastrous bug, reputation of project still recovering. - For ECDH private key, we generated 32 decimals instead of 32 bytes. - Security went from ~2^250 to ~2^54. 19
  20. 20. Wrong data typing bug (July 2013) - This bug was missed by two audits by leading code security and auditing firms. - Possible reason: it’s hard/impossible to unit test for this kind of thing. 20
  21. 21. It’s not all bad - These bugs happen in any good encryption project, early in its life. - We got some good feedback and dealt with the bugs transparently. 21
  22. 22. Tips for disclosure - Be honest and transparent. - Take full responsibility. - Fix quickly. - Be truly open source. - Encourage further audits. - Learn from mistakes. - Perfect your practice. 22
  23. 23. Tips in general - Be honest and transparent. - Be truly open source. - Be inclusive but keep angry people away. - Be clear about security claims/experimental status. - Trust yourself and learn. - Be a cat :3 23
  24. 24. 24
  25. 25. Is it worth it? We started in 2011: State of browser crypto almost non-existent. Is it worth it? Are there any real accessibility results? 25
  26. 26. So much progress! Teachers, counsellors, Journalists, Friends and family, Businesspeople, ...have found a use for accessible privacy. ~80,000 regular users. Plus, we have overcome many technical challenges. 26
  27. 27. Big achievements - Success story in making crypto usable! - Great study of group chat encryption. - OTR in the browser. - Use-case for W3C Crypto API. 27
  28. 28. Overall positive outlook - More scrutiny than other projects = faster security improvements than other projects - Third audit is underway right now (by Zooko Wilcox-O’Hearn, and team) 28
  29. 29. Yes, you can use Cryptocat! - Obviously not as a replacement for PGP or something. - But instead of Facebook chat or Skype, it’s a great alternative with a lot of community review. 29
  30. 30. People today FACEPALM “Let’s solve a global surveillance apparatus built thanks to strong shared realist foreign policy convictions doubled by domestic assurances... WITH AN APP.” 30
  31. 31. Localization matters Over 35 languages covered. Cryptocat automatically detects browser language, configures accordingly. 31
  32. 32. Get involved! Website: www.crypto.cat Twitter: @cryptocatapp IRC: #cryptocat, irc.oftc.net My email: nadim@crypto.cat 32
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×