Encrypted IM app left vulnerable to snooping for 7 months

Despite being an open-source security project, three lines of code that made encryption keys easy to break have gone unnoticed in instant messenger application Cryptocat.
Written by Michael Lee, Contributor

A vulnerability in encrypted, open-source instant messenger application Cryptocat has meant that communications during a seven-month period were susceptible to snooping.

Key pairs that Cryptocat uses to set up the encryption used in group chats were discovered to be significantly easier to attack, with a vigilant coder, Steve Thomas, pointing out that three lines of code resulted in poor security.

The difference in those three lines meant that from version 2.0 of Cryptocat, private keys were much easier to crack via brute force. Although it was patched in version 2.0.42 of the software, seven months had passed between the two releases.

"Group conversations that were had during those seven months were likely vulnerable to being significantly easier to crack," Cryptocat's developers wrote on their blog.

Thomas went into much further detail on his own blog about how large the keyspace was prior to 2.0.42, and how, after initially spending a day calculating enough data, any key can be cracked in a few minutes. With the new update, the time required is significantly longer.

"For Cryptocat version 2.0.42, this will take 1,000 computer years to generate, 500 computer years on average to use, and 40 petabytes to store. So the only ones capable of doing this are large companies and governments," Thomas wrote.

Intercepting traffic is slightly harder, as Cryptocat itself runs over HTTPS. However, Thomas pointed out that this means the user has to trust that Cryptocat doesn't store encrypted messages itself, and that its private SSL key must be kept secure. In other words, the security of the software again relies on a third party.

Cryptocat's developers said that as far as they know, its SSL keys are still secure. It has, nevertheless, rotated its keys as a precaution, and acknowledged that this doesn't excuse the fact that its encryption keys (for chat) were significantly weaker.

"[HTTPS/SSL] does not in any way save from the fact that due to our blunder, seven months of conversations were easier to crack. This is still a real mistake."

The developers did not promise the impossible by saying it would never make a mistake again. Instead, they took a more realistic approach to handling the issue.

"We will always make mistakes, even 10 years from now. Cryptocat is not any different from any of the other notable privacy, encryption, and security projects, in which vulnerabilities get pointed out on a regular basis and are fixed. Bugs will continue to happen in Cryptocat, and they will continue to happen in other projects, as well. This is how open-source security works."

Thomas has been recognised for his contribution to the project, including payment as part of Cryptocat's bug hunter program, but he has little respect for the developers after making his findings.

"I think everyone involved with Cryptocat are incompetent. I feel bad about calling them incompetent, but it is true. If you mess up in all the places I cared to check ... that's incompetence," Thomas wrote.

Editorial standards