Cryptocat

crypto.cat/

Has anyone ever heard of this? How does it compare to Tox?

Other urls found in this thread:

tobtu.com/decryptocat.php
tobtu.com/decryptocat-old.php
pastebin.com/raw/UWffBQbn:
github.com/qTox/qTox/commit/f79bb2402436ca51849233577dcba63368536800
github.com/qTox/qTox/issues/2173
toxstats.com
dailydot.com/layer8/telegram-isis-encryption-cryptography/
toktok.github.io/spec
en.wikipedia.org/wiki/NaCl_(software)
twitter.com/SFWRedditGifs

It's written by morons, see tobtu.com/decryptocat.php

Fuck's sake, I forgot the URL changed. The link you want is tobtu.com/decryptocat-old.php

I thought "RSA512Cat" was a bad enough meme, but reading that they managed to fuck up curve25519 too? That level of stupidity takes dedication.

So these retards forgot the first rule of cryptography:

Don't roll your own fucking crypto unless you are a world renowned cryptography programmer.

Wow, thanks for the info. Guess I'll just stick to Tox for now.

So is there a similar writeup for Tox?


Don't fiddle with parameters either. It's quite possible to use great encryption insecurely.

The closest you'll get is having some impotent shitposter with anger control issues show up to sperg out over it with a wall of unsourced/obsolete statements, frequently combined with some outright bullshit about IPs demonstrating a complete lack of understanding of the OSI model.

Tox was going to get a proper security audit, but that was before stq stole the project's money and domain name. The fact that nobody is able to produce a truthful example of any security flaw in its design after 2 years is a positive sign.

The biggest real problem it has right now is a shitty core library and shitty frontends, and anything interesting happens in feature branches that don't get merged for months so the entire ecosystem looks dead from the outside.

Or nobody cares about it. Maybe they should've used a cat logo. Cats get all the attention.

How so?

qTox is pretty good, but I definitely quit using µTox for a reason.

It's been on LWN a few times. More attention than a lot of these meme-of-the-week chat programs get.


It can't go more than a few hours without losing connection to the outside world or going crazy and overloading the network. Sometimes both.
Also the gap between what they promise and what they deliver keeps getting bigger, and they keep making stupid design decisions like the DNS naming mechanism which seems to need a complete rewrite every few months. Just copy what IPFS or GPG are doing there and stop fucking around.


Two clients and 5 different message formatting dialects between them :^)

The following is a random keyword the nsa monitors via pastebin.com/raw/UWffBQbn: intelligence


That's officially dead now, by the way. It uses http lookups to any toxme instance for simplicity.

In the long run GrayHatter would like to use bits of multidevice to enable distributed name resolution that can be officially recommended by people with a conscience.

I'm not sure what you mean by that.

This rule refers to rolling your own crypto systems, although most people definitely shouldn't write crypto implementations either.

Tox isn't secure just because nobody can be arsed to attack it. Being featured on LWN means not much and "the others do it too" doesn't have any value since most crypto software is hot garbage. There is also no reason why an interested attacker should publish his attack.

This is delusional and you know it.

people still use tox?

The Tox developers have not been served any secret court orders and are not under any gag orders.

Can whatever you came here to shill say the same?

brilliant
until there's something with >= featureset (FLOSS, encrypted, totally distributed, voip and messaging) or some other huge benefit that I care about, tox is the best thing out there right now
I'm hearing that maidsafe deprecates all of it from that one annoying fuck in group 0 so I've got my eye on it but there's no normie friendly release yet so wew

im not complaining. It was a question.


put down your tin foil hat, faggot.

well in that case, yeah, lots of people use tox, the groups are pretty active every day, and everybody around me who wants to talk to me uses it now.
apparently they like talking to me more than they like facebook, that's pretty cool

also on qtox for forever there was a whole collection of errors all stemming from multiple definitions existing for the same function. and when it went to the linker it linked to the wrong function.

this is fixed now if you grab up to date code off git but if you install from apt last i checked you'll grab an old version that still has the problem. it literally freezes the entire system and consumes all memory from a leak until it finally crashes your x server. i don't know how an error like that can get through, i can only laugh.

literally never heard of that and I've been around since 2014
probably a misconfiguration on your riced to death arch

github.com/qTox/qTox/commit/f79bb2402436ca51849233577dcba63368536800

ex tox dev here, it's shit don't use it

github.com/qTox/qTox/issues/2173

read comments describing the bug.

why

no real obstacles get dealt with, all of the devs are up their ass with their own autism to pay any attention to what they are actually making and not how cool, 1337, and undocumented their code is. toxcore is an unmaintainable piece of garbage that only irun can barely commit to, none of the client devs can stand the core devs and many quit.

for a while most of the project was basically ran by a jewish guy called david, but he couldn't stand the autism and just quit instead, everyone hates it.

Yes. toxstats.com


Keep spreading that FUD, surely it will work this time.

Why not use telegram?

Can't be any more fishy or shit than tox

You might as well just use Skype. Telegram provides no real security.

doesnt it have end to end encryption and all that jazz?

They made a crypto 101 mistake which is rolling your own crypto (among many other mistakes).

dailydot.com/layer8/telegram-isis-encryption-cryptography/

Good enough for me

Looks pretty well documented to me...
toktok.github.io/spec

Then how do you explain pic related?

You sound pretty butthurt

David wasn't Jewish and he was never the project lead. He never even contributed any code. He quit because of Stqism, who was kicked out of the project over a year ago for being an actual Jew. Needless to say, this is all ancient drama and has nothing to do with the current state of development.

You're cryptographically illiterate if you trust homebrew encryption.

The NSA/Russia/China has probably already broken it.

Just like whatever tox uses :^)

Tox uses a state of the art FOSS encryption library that is widely researched and has no known flaws. en.wikipedia.org/wiki/NaCl_(software)

They weren't retarded or arrogant enough to think they could single-handedly outsmart every crypto expert/hacker/intelligence agency in the world

...

Fuck off back to your containment board

Looks like you're in the wrong site
>>>/4chan/
>>>/reddit/
>>>/tumblr/

Looks like you have no idea who Bernstein is and maybe wandered into the wrong board. There's even a picture of a jew in the sticky.

Daniel J. Bernstein is a widely renowned mathematician and cryptographer who managed to get software legally recognized as free speech in the US and made it legal to export strong encryption.

Some jews in computing are the greedy degeneracy-encouraging kind people shitpost about on Holla Forums, but it's not a safe assumption to make.

Jew in the sticky isn't really a great poster child for a Jew not acting like a big old Jew

Remember the 6 GPLillion

He did decide that he would rather not write software than make money writing proprietary software, even though he would have been able to make a fuckton of money doing that. He wrote a million dollars' worth of code, for free, just to get back at Symbolics for making their code proprietary.

GO BACK TO STORMFRONT YOU LOBOTOMIZED PEDO

The contest was set up in a way that precluded a lot of common attacks. If somebody was actually able to win this, the system would have been hilariously broken. The contest was a PR move, and a really sketchy one at that.

...

Now I'm confused. Cryptocat was cracked at some point while Telegram is TL;DR insecure pic related.

What other FOSS alternative do we have?

riot.im

is that whole matrix meme even good?

Telegram has been known to be vulnerable to MITM. You trust their servers.
Cryptocat was just an easier target to pick on because it's hard to explain to people that the Telegram crypto contest is bullshit and claiming that your hired mathematicians means your protocol is rock solid is just wrong.