On Sat, Jan 3, 2015 at 10:04 AM, Sam Lanning <[email protected]> wrote:
>
> When prompted to create a new ID, a user enters their full name, and a
> password (with appropriate UI to encourage strong passwords). Now this
> data is then solely used to generate pseudorandom data for key
> generation of the master keypair. (e.g. using PBKDF2)
This means anyone who receives or sees one of your messages can attempt password cracking. It would probably have the same usability and better security if you generated the master key through a secure RNG, then encrypted the master private key with the password and synchronized the encrypted blob to your devices through some service. Then only the service could attempt password cracking.

I'm not taking a position whether any of this is a good idea. User-chosen passwords are often weak. But this flexibility is at least possible with the "synchronize the master private key" between devices approach, which I've been advocating.

Trevor
_______________________________________________
Messaging mailing list
[email protected]
https://moderncrypto.org/mailman/listinfo/messaging
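The two designs contrasted in the reply above, as an added example that is not part of the thread: the quoted scheme feeds (name, password) through PBKDF2 and uses the output directly as the master secret, so the public key by itself lets anyone who has seen it test a password guess offline; the alternative generates the secret from the OS RNG and only password-wraps it, so a guess can be checked only by whoever holds the wrapped blob. It assumes stdlib-only Python, so a minimal X25519 ladder stands in for the master keypair and a PBKDF2-derived pad plus HMAC stands in for a real AEAD; the iteration count, sample name and password are constructed.

```python
import hashlib, hmac, os

P, A24 = 2**255 - 19, 121665  # Curve25519 field prime and (A-2)/4
ITER = 100_000                # constructed PBKDF2 work factor for both schemes

def x25519(scalar, u=9):
    """Minimal RFC 7748 Montgomery ladder (stdlib has no ECC); returns the u-coordinate as int."""
    k = bytearray(scalar); k[0] &= 248; k[31] &= 127; k[31] |= 64   # clamp the scalar
    k = int.from_bytes(k, "little")
    x1, x2, z2, x3, z3, swap = u, 1, 0, u, 1, 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        if swap:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e, c, d = (aa - bb) % P, (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
    if swap:
        x2, z2 = x3, z3
    return x2 * pow(z2, P - 2, P) % P

def keypair_from_password(name, password):
    """Quoted scheme: the secret scalar IS the KDF output of (name, password)."""
    priv = hashlib.pbkdf2_hmac("sha256", password.encode(), name.encode(), ITER)
    return priv, x25519(priv)

def public_key_confirms_password(pub, name, guess):
    """Consequence: the public key alone is an offline oracle for the password."""
    return keypair_from_password(name, guess)[1] == pub

def keypair_random_wrapped(password):
    """Alternative: random secret; the password only wraps it, so pub is independent of it."""
    priv, salt = os.urandom(32), os.urandom(16)
    ks = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITER, 64)
    ct = bytes(a ^ b for a, b in zip(priv, ks[:32]))         # single-use KDF-stream pad (AEAD stand-in)
    tag = hmac.new(ks[32:], salt + ct, "sha256").digest()    # integrity tag under a separate key
    return x25519(priv), salt + ct + tag

def unwrap(password, blob):
    """Only a holder of the blob (e.g. the sync service) can test a password; returns priv or None."""
    salt, ct, tag = blob[:16], blob[16:48], blob[48:]
    ks = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITER, 64)
    if not hmac.compare_digest(tag, hmac.new(ks[32:], salt + ct, "sha256").digest()):
        return None
    return bytes(a ^ b for a, b in zip(ct, ks[:32]))
```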
