To take a crack at answering these questions, I’m going to look at four apps that seem to be getting a lot of press in this area. In no particular order, these are Cryptocat, Silent Circle, RedPhone and Wickr.

A couple of notes…

Before we get to the details, a few stipulations. First, the apps we’ll talk about here are hardly the only apps that use encryption. In fact, these days almost everyone advertises some form of ‘end-to-end encryption’ for your data. This has even gotten Skype and Blackberry into a bit of hot water with foreign governments.

However - and this is a critical point - ‘end-to-end encryption’ is rapidly becoming the most useless term in the security lexicon. That’s because actually encrypting stuff is not the interesting part. The real challenge turns out to be distributing users’ encryption keys securely, i.e., without relying on a trusted, central service.

The problem here is simple: if I can compromise such a service, then I can convince you to use my encryption key instead of your intended recipient’s. In this scenario - known as a Man in the Middle (MITM) attack - all the encryption in the world won’t help you.

Living in a browser is Cryptocat’s greatest strength and greatest weakness. It’s a strength because (1) just about everyone has a browser, (2) the user interface is pretty and intuitive, and (3) the installation process is trivial. Cryptocat’s impressive user base testifies to the demand for such an application.

The weakness is that it runs in a frigging web browser. To put a finer point on it: web browsers are some of the most complex software packages you can run on a consumer device. They do eight million things, most of which require them to process arbitrary and untrusted data.
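
The key-distribution problem described earlier in this post, as an added example that is not from the post or from any of the four apps: a sender who trusts a central key service encrypts to whatever key it serves, and only a fingerprint compared over a separate channel reveals a substitution. The `KeyDirectory` class, the Alice/Bob/Mallory names and the toy Diffie-Hellman parameters are assumptions made for illustration.

```python
import hashlib
import secrets

# Toy Diffie-Hellman parameters, chosen only so the example runs with the
# standard library. A 127-bit modulus is far too small for real use.
P = 2**127 - 1
G = 3

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(my_priv, their_pub):
    """Key both ends derive if they really hold each other's public keys."""
    return hashlib.sha256(pow(their_pub, my_priv, P).to_bytes(16, "big")).digest()

def fingerprint(pub):
    """Short digest a user can read aloud or compare in person."""
    return hashlib.sha256(pub.to_bytes(16, "big")).hexdigest()[:16]

class KeyDirectory:
    """Hypothetical central key service; `substitute` models its compromise."""
    def __init__(self):
        self.keys, self.substitute = {}, None
    def publish(self, name, pub):
        self.keys[name] = pub
    def lookup(self, name):
        return self.keys[name] if self.substitute is None else self.substitute

def run(compromised):
    directory = KeyDirectory()
    alice_priv, alice_pub = keypair()
    bob_priv, bob_pub = keypair()
    mallory_priv, mallory_pub = keypair()
    directory.publish("bob", bob_pub)
    if compromised:
        directory.substitute = mallory_pub
    served = directory.lookup("bob")             # what Alice is told is Bob's key
    alice_key = session_key(alice_priv, served)  # Alice encrypts under this
    return {
        "bob_can_decrypt": alice_key == session_key(bob_priv, alice_pub),
        "mallory_can_decrypt": alice_key == session_key(mallory_priv, alice_pub),
        # Bob tells Alice his fingerprint over a channel the service does not control.
        "fingerprint_matches": fingerprint(served) == fingerprint(bob_pub),
    }

if __name__ == "__main__":
    print(run(compromised=False))
    print(run(compromised=True))
```

In the compromised run the encryption itself works exactly as before; the fingerprint mismatch is the only signal the sender gets.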