548:
562:
1307:
240:
140:
96:
36:
27:
326:
In March 2016 Kobeissi announced the re-release of
Cryptocat, rewritten completely as desktop software instead of the original web application software, as a public beta and the resumption of the service. The new desktop-centric approach allowed Cryptocat to benefit from stronger desktop integration, in a style similar to
418:'s "Secure Messaging Scorecard" from 4 November 2014 until 13 March 2016. During that time, Cryptocat had a score of 7 out of 7 points on the scorecard. It had received points for having communications encrypted in transit, having communications encrypted with keys the provider did not have access to (
460:
mobile application. Cryptocat's goal is for its messages to obtain confidentiality, integrity, source authenticity, forward and future secrecy and indistinguishability even over a network controlled by an active attacker. The forward secrecy features of the protocol that
Cryptocat uses are similar to
325:
In
February 2016, citing dissatisfaction with the project's current state after 19 months of non-maintenance, Kobeissi announced that he would be taking Cryptocat temporarily offline and discontinuing the development of its mobile application, pending a complete rewrite and relaunch of the software.
313:
In June 2013, security researcher Steve Thomas pointed out a security bug that could be used to decrypt any group chat message that had taken place using
Cryptocat between September 2012 and 19 April 2013. Private messages were not affected, and the bug had been resolved a month before. In response,
375:
Originally in 2013, Cryptocat offered the ability to connect to
Facebook Messenger to initiate encrypted chatting with other Cryptocat users. According to the developers, the feature was meant to help offer an alternative to the regular Cryptocat chat model which did not offer long-term contact
356:
All messages, files and audio/video recordings sent over
Cryptocat are end-to-end encrypted. Cryptocat users link their devices to their Cryptocat account upon connection, and can identify each other's devices via the client's device manager in order to prevent
279:
to secure all communications to other
Cryptocat users. Users are given the option of independently verifying their buddies' device lists and are notified when a buddy's device list is modified and all updates are verified through the built-in update downloader.
535:
and other official channels controlled by targeted platforms. After
Cryptocat's re-write into desktop software in March 2016, the software became distributed exclusively through Cryptocat's own servers, which also handle signed update delivery.
515:. According to the project's mission statement, Cryptocat's network only relays encrypted messages and does not store any data. In addition to the Cryptocat client's end-to-end encryption protocol, client-server communication is protected by
317:
In
February 2014, an audit by iSec Partners criticized Cryptocat's authentication model as insufficient. In response, Cryptocat made improvements to user authentication, making it easier for users to authenticate and detect
1227:
455:
handshake. The handshake mixes in long-term identity keys, an intermediate-term signed pre-key, and a one-time use pre-key. The approach is similar to the encryption protocol adopted for encrypted messaging by the
349:
chat conversations. Users can exchange one-to-one messages, encrypted files, photos as well as create and share audio/video recordings. All devices linked to
Cryptocat accounts will receive
980:
1274:
368:
Cryptocat also includes a built-in auto-update mechanism that automatically performs a signature check on downloaded updates in order to verify authenticity, and employs TLS
310:
and questioned about Cryptocat's censorship resistance. He tweeted about the incident afterwards, resulting in media coverage and a spike in the popularity of the software.
860:
314:
Cryptocat issued a security advisory, requested that all users ensure that they had upgraded, and informed users that past group conversations may have been compromised.
1237:
780:
333:
In February 2019, it was announced that Cryptocat would be discontinued. As of December 2019, the cryptocat domain is for sale and links to the site for the
1003:
1246:
422:), making it possible for users to independently verify their correspondent's identities, having past communications secure if the keys were stolen (
825:
1212:
1365:
970:
808:
307:
1284:
488:
for signing. In order to limit the effect of a long-term identity key compromise, long-term keys are used exclusively once for the initial
727:
921:
1083:
1360:
1355:
852:
575:
1105:
567:
1345:
1049:
452:
784:
202:
1350:
1335:
882:
287:
and further developed along with a community of open source contributors and is published under the terms of the
1340:
415:
1007:
754:
693:
618:
666:
469:
119:
1182:
829:
87:
1131:
489:
219:
805:
1156:
914:"We are discontinuing the Cryptocat service starting tomorrow. The software is no longer maintained"
430:), having its security designs well-documented, and having completed an independent security audit.
553:
516:
462:
444:
358:
319:
239:
95:
943:
528:
723:
580:
457:
913:
419:
346:
276:
499:
standard, which also gives Cryptocat multi-device support and allows for offline messaging.
427:
256:
253:
207:
8:
1041:
1034:
473:
369:
139:
1306:
1232:
1073:
971:"Cryptocat Creates an Encrypted, Disposable Chatroom on Any Computer with a Web Browser"
1279:
362:
1045:
327:
264:
1106:"Secure Messaging Scorecard. Which apps and tools actually keep your messages safe?"
637:
451:
and future secrecy across messages, after a session is established using a four-way
595:
527:
From March 2011 until March 2016, Cryptocat was officially distributed through the
214:
189:
185:
160:
1109:
1029:
975:
812:
532:
448:
423:
385:
350:
334:
300:
193:
35:
1259:
408:
397:
284:
165:
51:
1329:
644:
492:, and once for signing a newly generated intermediate-term signed pre-key.
1036:
No Place to Hide: Edward Snowden, the NSA, and the U.S. Surveillance State
1312:
585:
481:
260:
128:
1228:"Free encryption software Cryptocat protects right to privacy: inventor"
1074:"Iran Blocks Encrypted Chat Service Despite Claims of Internet Freedom"
590:
512:
477:
153:
58:
46:
890:
306:
In June 2012, Kobeissi said he was detained at the U.S. border by the
389:
26:
400:
for the first time, after other encryption software failed to work.
1264:
1247:"Using His Software Skills With Freedom, Not a Big Payout, in Mind"
1078:
750:
701:
806:
https://isecpartners.github.io/publications/iSEC_Cryptocat_iOS.pdf
622:
1108:. Electronic Frontier Foundation. 4 November 2014. Archived from
485:
658:
1318:
1217:
1186:
724:"Developer's detention spikes interest in Montreal's Cryptocat"
365:
mechanism in order to help detect device identity key changes.
496:
288:
272:
774:
772:
1213:"Crypto.cat Aims To Offer Super-Simple Encrypted Messaging"
508:
480:
for Elliptic curve Diffie-Hellman shared secret agreement,
404:
268:
853:"How the U.S. Fights Encryption—and Also Helps Develop It"
769:
393:
844:
1260:"Raspberry Pi network plan for online free-speech role"
376:
lists. This feature was disconnected in November 2015.
1300:
947:
778:
230:
1071:
407:, shortly after the election of Iran's new president
688:
686:
684:
543:
1072:Franceschi-Bicchierai, Lorenzo (21 November 2013).
612:
610:
372:in order to prevent network impersonation attacks.
1275:"Cryptocat Aims for Easy-to-use Encrypted IM Chat"
1033:
781:"New Critical Vulnerability in Cryptocat: Details"
291:license, although it has since been discontinued.
681:
299:Cryptocat was first launched on 19 May 2011 as a
1327:
607:
1174:
426:), having its code open to independent review (
384:In June 2013, Cryptocat was used by journalist
495:For the transport layer, Cryptocat adopts the
1004:"Cryptocat, Now with Encrypted Facebook Chat"
497:OMEMO Multi-End Message and Object Encryption
1305:
1244:
411:who had promised more open Internet laws.
403:In November 2013, Cryptocat was banned in
238:
138:
94:
34:
1210:
1028:
911:
1226:Curtis, Christopher (17 February 2012).
748:
1257:
850:
826:"Recent Audits and Coming Improvements"
576:Comparison of instant messaging clients
40:Cryptocat 3.1.24 running on Windows 10.
1366:Free software programmed in JavaScript
1328:
1225:
968:
379:
16:Open source encrypted chat application
1180:
1001:
924:from the original on 12 December 2021
823:
616:
345:Cryptocat allows its users to set up
1272:
1157:"Cryptocat Cryptographic Primitives"
851:Paletta, Damian (22 February 2016).
730:from the original on 29 January 2013
568:Free and open-source software portal
13:
1258:Knowles, Jamillah (3 March 2012).
1204:
1132:"Cryptocat Axolotl Implementation"
14:
1377:
1292:
1086:from the original on 22 June 2014
983:from the original on 19 June 2014
946:. 7 November 2019. Archived from
863:from the original on 19 June 2018
757:from the original on 26 July 2015
669:from the original on 18 July 2016
883:"Cryptocat Release Announcement"
645:"Cryptocat 3.2.08 Release Notes"
560:
546:
507:Cryptocat's network relies on a
25:
1211:Greenberg, Andy (27 May 2011).
1149:
1124:
1098:
1065:
1022:
995:
962:
936:
905:
875:
522:
433:
63:Nadim Kobeissi and contributors
1361:Software using the GPL license
1356:Free instant messaging clients
1273:Kirk, Jeremy (14 March 2012).
1040:. Metropolitan Books. p.
817:
799:
742:
726:. Itbusiness.ca. 8 June 2012.
716:
651:
476:for authenticated encryption,
416:Electronic Frontier Foundation
1:
969:Norton, Quinn (12 May 2014).
912:Cryptocat (5 February 2019).
619:"Cryptocat Mission Statement"
601:
453:Elliptic-curve Diffie–Hellman
438:
353:messages, even when offline.
1245:Dwyer, Jim (17 April 2012).
779:Cryptocat Development Blog.
470:Advanced Encryption Standard
414:Cryptocat was listed on the
259:intended to allow encrypted
7:
1183:"Cryptocat Download Server"
539:
361:. Cryptocat also employs a
340:
10:
1382:
511:configuration served over
502:
490:Authenticated Key Exchange
461:those first introduced by
294:
220:GNU General Public License
1346:Internet privacy software
359:man-in-the-middle attacks
320:man-in-the-middle attacks
283:Cryptocat was created by
225:
213:
201:
179:
171:
159:
149:
118:
114:
86:
82:
67:
57:
45:
33:
24:
811:12 November 2020 at the
554:Freedom of speech portal
463:Off-the-Record Messaging
445:Double Ratchet Algorithm
857:The Wall Street Journal
529:Google Chrome Web Store
484:for key derivation and
1351:Free security software
1336:Cryptographic software
694:"Cryptocat - Security"
581:Freedom of information
1341:End-to-end encryption
420:end-to-end encryption
277:end-to-end encryption
101:; 7 years ago
71:19 May 2011
1287:on 17 December 2012.
1240:on 19 February 2012.
347:end-to-end encrypted
208:Secure communication
1112:on 15 November 2016
1010:on 11 November 2014
893:on 22 December 2016
474:Galois/Counter Mode
468:Cryptocat uses the
447:in order to obtain
380:Reception and usage
370:certificate pinning
257:desktop application
21:
1189:on 18 January 2019
950:on 7 November 2019
832:on 15 October 2014
363:Trust on first use
252:is a discontinued
99:/ 20 February 2017
47:Original author(s)
19:
443:Cryptocat uses a
247:
246:
182:List of languages
1373:
1309:
1304:
1303:
1301:Official website
1288:
1283:. Archived from
1269:
1254:
1241:
1236:. Archived from
1233:Montréal Gazette
1222:
1199:
1198:
1196:
1194:
1185:. Archived from
1178:
1172:
1171:
1169:
1167:
1153:
1147:
1146:
1144:
1142:
1128:
1122:
1121:
1119:
1117:
1102:
1096:
1095:
1093:
1091:
1069:
1063:
1062:
1060:
1058:
1039:
1030:Greenwald, Glenn
1026:
1020:
1019:
1017:
1015:
1006:. Archived from
999:
993:
992:
990:
988:
966:
960:
959:
957:
955:
940:
934:
933:
931:
929:
909:
903:
902:
900:
898:
889:. Archived from
879:
873:
872:
870:
868:
848:
842:
841:
839:
837:
828:. Archived from
821:
815:
803:
797:
796:
794:
792:
783:. Archived from
776:
767:
766:
764:
762:
746:
740:
739:
737:
735:
720:
714:
713:
711:
709:
700:. Archived from
690:
679:
678:
676:
674:
655:
649:
648:
641:
635:
634:
632:
630:
621:. Archived from
614:
596:Internet privacy
570:
565:
564:
563:
556:
551:
550:
549:
243:
242:
235:
232:
161:Operating system
142:
137:
134:
132:
130:
109:
107:
106:20 February 2017
102:
98:
78:
76:
38:
29:
22:
18:
1381:
1380:
1376:
1375:
1374:
1372:
1371:
1370:
1326:
1325:
1299:
1298:
1295:
1207:
1205:Further reading
1202:
1192:
1190:
1179:
1175:
1165:
1163:
1155:
1154:
1150:
1140:
1138:
1130:
1129:
1125:
1115:
1113:
1104:
1103:
1099:
1089:
1087:
1070:
1066:
1056:
1054:
1052:
1032:(13 May 2014).
1027:
1023:
1013:
1011:
1000:
996:
986:
984:
976:The Daily Beast
967:
963:
953:
951:
942:
941:
937:
927:
925:
910:
906:
896:
894:
881:
880:
876:
866:
864:
849:
845:
835:
833:
822:
818:
813:Wayback Machine
804:
800:
790:
788:
777:
770:
760:
758:
747:
743:
733:
731:
722:
721:
717:
707:
705:
704:on 7 April 2016
692:
691:
682:
672:
670:
657:
656:
652:
643:
642:
638:
628:
626:
625:on 7 April 2016
615:
608:
604:
566:
561:
559:
552:
547:
545:
542:
533:Apple App Store
525:
505:
441:
436:
424:forward secrecy
386:Glenn Greenwald
382:
343:
301:web application
297:
261:online chatting
237:
229:
197:
196:
183:
145:
127:
110:
105:
103:
100:
74:
72:
68:Initial release
41:
17:
12:
11:
5:
1379:
1369:
1368:
1363:
1358:
1353:
1348:
1343:
1338:
1322:
1321:
1310:
1294:
1293:External links
1291:
1290:
1289:
1270:
1255:
1251:New York Times
1242:
1223:
1206:
1203:
1201:
1200:
1173:
1148:
1123:
1097:
1064:
1051:978-1627790734
1050:
1021:
994:
961:
935:
904:
874:
843:
816:
798:
787:on 5 July 2013
768:
749:Steve Thomas.
741:
715:
680:
650:
636:
605:
603:
600:
599:
598:
593:
588:
583:
578:
572:
571:
557:
541:
538:
524:
521:
504:
501:
440:
437:
435:
432:
409:Hassan Rouhani
398:Edward Snowden
396:whistleblower
381:
378:
351:forward secure
342:
339:
335:Wire messenger
296:
293:
285:Nadim Kobeissi
263:available for
245:
244:
227:
223:
222:
217:
211:
210:
205:
199:
198:
184:
181:
180:
177:
176:
173:
169:
168:
166:Cross-platform
163:
157:
156:
151:
147:
146:
144:
143:
124:
122:
116:
115:
112:
111:
92:
90:
84:
83:
80:
79:
69:
65:
64:
61:
55:
54:
52:Nadim Kobeissi
49:
43:
42:
39:
31:
30:
15:
9:
6:
4:
3:
2:
1378:
1367:
1364:
1362:
1359:
1357:
1354:
1352:
1349:
1347:
1344:
1342:
1339:
1337:
1334:
1333:
1331:
1324:
1320:
1316:
1315:
1311:
1308:
1302:
1297:
1296:
1286:
1282:
1281:
1276:
1271:
1267:
1266:
1261:
1256:
1252:
1248:
1243:
1239:
1235:
1234:
1229:
1224:
1220:
1219:
1214:
1209:
1208:
1188:
1184:
1177:
1162:
1158:
1152:
1137:
1133:
1127:
1111:
1107:
1101:
1085:
1081:
1080:
1075:
1068:
1053:
1047:
1043:
1038:
1037:
1031:
1025:
1009:
1005:
998:
982:
978:
977:
972:
965:
949:
945:
939:
923:
919:
918:@cryptocatapp
915:
908:
892:
888:
884:
878:
862:
859:. News Corp.
858:
854:
847:
831:
827:
820:
814:
810:
807:
802:
786:
782:
775:
773:
756:
752:
751:"DecryptoCat"
745:
729:
725:
719:
703:
699:
695:
689:
687:
685:
668:
664:
660:
654:
646:
640:
624:
620:
613:
611:
606:
597:
594:
592:
589:
587:
584:
582:
579:
577:
574:
573:
569:
558:
555:
544:
537:
534:
530:
520:
518:
514:
510:
500:
498:
493:
491:
487:
483:
479:
475:
471:
466:
464:
459:
454:
450:
446:
431:
429:
425:
421:
417:
412:
410:
406:
401:
399:
395:
391:
387:
377:
373:
371:
366:
364:
360:
354:
352:
348:
338:
336:
331:
329:
323:
321:
315:
311:
309:
304:
302:
292:
290:
286:
281:
278:
274:
270:
266:
262:
258:
255:
251:
241:
234:
228:
224:
221:
218:
216:
212:
209:
206:
204:
200:
195:
191:
187:
178:
174:
170:
167:
164:
162:
158:
155:
152:
148:
141:
136:
126:
125:
123:
121:
117:
113:
97:
91:
89:
88:Final release
85:
81:
70:
66:
62:
60:
56:
53:
50:
48:
44:
37:
32:
28:
23:
1323:
1313:
1285:the original
1278:
1263:
1250:
1238:the original
1231:
1216:
1191:. Retrieved
1187:the original
1176:
1164:. Retrieved
1160:
1151:
1139:. Retrieved
1135:
1126:
1114:. Retrieved
1110:the original
1100:
1088:. Retrieved
1077:
1067:
1055:. Retrieved
1035:
1024:
1012:. Retrieved
1008:the original
997:
985:. Retrieved
974:
964:
952:. Retrieved
948:the original
944:"crypto.cat"
938:
926:. Retrieved
917:
907:
895:. Retrieved
891:the original
886:
877:
865:. Retrieved
856:
846:
834:. Retrieved
830:the original
819:
801:
789:. Retrieved
785:the original
759:. Retrieved
744:
732:. Retrieved
718:
706:. Retrieved
702:the original
697:
671:. Retrieved
662:
653:
639:
627:. Retrieved
623:the original
526:
523:Distribution
506:
494:
467:
442:
434:Architecture
413:
402:
383:
374:
367:
355:
344:
332:
324:
316:
312:
305:
298:
282:
249:
248:
172:Available in
93:3.2.08
59:Developer(s)
1181:Cryptocat.
1002:Cryptocat.
867:24 February
824:Cryptocat.
659:"Cryptocat"
617:Cryptocat.
586:GNU Project
482:HMAC-SHA256
428:open-source
275:. It uses
254:open-source
175:3 languages
1330:Categories
1161:github.com
1136:github.com
954:5 December
928:5 February
887:crypto.cat
698:crypto.cat
663:crypto.cat
602:References
591:Hacktivism
513:WebSockets
478:Curve25519
439:Encryption
154:JavaScript
150:Written in
135:/cryptocat
133:/cryptocat
120:Repository
75:2011-05-19
1314:Cryptocat
390:Hong Kong
388:while in
250:Cryptocat
20:Cryptocat
1265:BBC News
1193:22 April
1166:22 April
1141:22 April
1116:21 April
1084:Archived
1079:Mashable
981:Archived
922:Archived
897:22 April
861:Archived
809:Archived
755:Archived
728:Archived
708:29 March
673:29 March
667:Archived
629:22 April
540:See also
392:to meet
341:Features
1280:PCWorld
1090:22 June
1057:22 June
1014:22 June
987:22 June
836:22 June
761:10 July
734:28 July
503:Network
486:Ed25519
449:forward
295:History
265:Windows
226:Website
215:License
190:Catalan
186:English
104: (
73: (
1319:GitHub
1218:Forbes
1048:
791:7 July
531:, the
458:Signal
328:Pidgin
271:, and
236:
231:crypto
194:French
129:github
289:GPLv3
273:Linux
1195:2016
1168:2016
1143:2016
1118:2016
1092:2014
1059:2014
1046:ISBN
1016:2014
989:2014
956:2019
930:2019
899:2016
869:2016
838:2014
793:2013
763:2013
736:2012
710:2016
675:2016
631:2016
509:XMPP
405:Iran
269:OS X
233:.cat
203:Type
131:.com
1317:on
517:TLS
472:in
394:NSA
308:DHS
1332::
1277:.
1262:.
1249:.
1230:.
1215:.
1159:.
1134:.
1082:.
1076:.
1044:.
1042:59
979:.
973:.
920:.
916:.
885:.
855:.
771:^
753:.
696:.
683:^
665:.
661:.
609:^
519:.
465:.
337:.
330:.
322:.
303:.
267:,
192:,
188:,
1268:.
1253:.
1221:.
1197:.
1170:.
1145:.
1120:.
1094:.
1061:.
1018:.
991:.
958:.
932:.
901:.
871:.
840:.
795:.
765:.
738:.
712:.
677:.
647:.
633:.
108:)
77:)
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.