Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    


Steve Weis steveweis at
Tue Jun 18 13:05:46 PDT 2013

It's not safe.

This is their bookmarklet:

That loads a JavaScript file from the site, which can be
changed at any time and compromise your messages without your knowledge.

The actual call to encrypt data is here: :
hmac = hex_hmac_sha1(key, _this.text);
hmac += hmac.slice(0, 24);
cipher = hmac + salt + Aes.Ctr.encrypt(_this.text, key, 256);

They're MACing the key for some reason, then using unauthenticated CTR mode
without an HMAC. So this is completely vulnerable to someone modifying the

That CTR mode is implemented by this: That's
using the time of day as a nonce combined with a weak JS Math.random().
That's vulnerable to some attacks as well.

Generally, I'd assume that a random crypto project you run across is
probably not safe.

On Tue, Jun 18, 2013 at 11:51 AM, Lorenzo Franceschi Bicchierai <
lorenzofb8 at> wrote:

> Have you guys seen this?
> I've searched through the archives but didn't see anything. I'm wondering
> how safe this is.
> It has received some small attention on the media before.
> Thoughts?
> --
> *Lorenzo Franceschi-Bicchierai
> *Mashable <> Junior US & World Reporter
> lorenzo at | lorenzofb8 at
> #: (+1) 917 257 1382
> Twitter: @lorenzoFB <>
> Skype: lorenzofb8
> OTR: lorenzofb at
> --
> Too many emails? Unsubscribe, change to digest, or change password by
> emailing moderator at companys at or changing your settings at
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the liberationtech mailing list