Cryptocat: webchat with client-side encryption features

Took me a little while to realise you set the password in the blue box above the text entry. Interesting concept though.<p>For those interested it uses crypto-js (<a href="http://code.google.com/p/crypto-js/" rel="nofollow">http://code.google.com/p/crypto-js/</a>).<p>Might want to increase the random entropy source, from what I can see it's just DateTime.<p>Also I'd use a better hashing algorithm than SHA1 with AES-256.<p>I understand the need for PBDKF2, but I'm not so sure about using the password as the key and salt.

Made a test room, 'hn' (<a href="https://crypto.cat/?c=hn" rel="nofollow">https://crypto.cat/?c=hn</a>). Set a key, 'password'. Will leave it open in background and peek in occasionally if others want to try.

I was thinking of building something similar. The benefits of client-side encryption is that the message is entirely encrypted until it reaches the destination. Even if the cryptocat server was compromised, the message is still "safe".

Seems useful.