On 3/11/15 12:42 PM, stef wrote: > On Wed, Mar 11, 2015 at 11:53:35AM +0100, Fabio Pietrosanti (naif) - lists > wrote: >> at GlobaLeaks we're undergoing implementation of client-side encryption >> with server-side storage of PGP Private keys. > i didn't get the memo, that js in browsers is now the way to best mitigate > against state level actors. i mean globaleaks clearly has state-level actors > in their threat-model, right? No, GlobaLeaks doesn't consider in it's threat model an NSA-like actor.
GlobaLeaks it's designed to be a Whistleblowing framework that can be used in very different context, from WildLife Crime Activism up to Anticorruption in Serbia up to PubLeaks-like Journalism in Netherland, keeping the maximum level of security achievable for a specific context of use. Some deployment scenario is "Safe Enough", some other is "Super Paranoid", but we're bound to the reality of real-wold uses, that are differentiated as the risks scenario are. Check the Threat Model link on https://globaleaks.org in the footer to get a better insight. This email thread is specifically addressing the issue of using a strong client-side password hashing methods, such as scrypt (or maybe the upcoming winner of https://password-hashing.net/report1.html), in a way that could exploit the WebCrypto API primitives. Today with WebCrypto API you can only do hashing with PBKDF2 with tons of iterations, but i haven't found/seen an scrypt that leverage WebCrypto API or something similar to enable key-stretching client-side with a decent time-waiting/key-stretching-crypto-improvement ratio. -- Fabio Pietrosanti (naif) HERMES - Center for Transparency and Digital Human Rights http://logioshermes.org - https://globaleaks.org - https://tor2web.org - https://ahmia.fi _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
