On Thu, Feb 26, 2015 at 1:36 PM, Nadim Kobeissi <[email protected]> wrote:
>
> I think storing the private key in the user's brain, in the form of a
> passphrase, is more secure than having it lying around on every computer
> they use for crypto in the form of a PGP key file.

I don't see that. With respect to offline passphrase cracking, the peerio approach seems less secure than the PGP approach:

Having a passphrase-encrypted private key "lying around on every computer they use" - like PGP - means offline-cracking can only be attempted by attackers who steal that file.

Having a passphrase-generated private key - like peerio - means offline-cracking can be attempted by anyone who sees your public key.

So the peerio approach has the same security as if you were transmitting your private-key file alongside your public key, which exposes it *much* more widely.

> Deriving private keys
> from a strong passphrase offers an ephemeral portability, where I can carry
> my key identity with me in my head, use it on any computer, without
> permanently any private key information on said computer (that is, unlike
> PGP.) When I'm using a trusted friend's computer, or when I buy a new one, I
> can be all set just by entering my passphrase and logging in like I'd log
> into Gmail or Facebook. I think this is very important for people to be able
> to do.

OK, so you want anyone to be able to login to the peerio service, from a new computer, with just their user-chosen passphrase.

That can be easily done *without* a passphrase-generated private key:
 - private keys are generated at random
 - the service stores a passphrase-encrypted private key
 - after login, the passphrase-encrypted private key is fetched by the user

This has the same useability as your solution, but doesn't enable your correspondents to attempt offline password-cracking.

So passphrase-generated private keys in peerio still seem strictly inferior to the traditional approach (generating keys from a strong RNG).

What am I missing?

Trevor
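
The two designs compared in the message above, as an added example that is not part of the original thread or of any project's code. Assumptions: a toy discrete-log group stands in for the real public-key algorithm, PBKDF2 with a low iteration count stands in for the KDF, the salt is the username, XOR with KDF output stands in for authenticated encryption, and all names and the passphrase are constructed.

```python
import hashlib
import secrets

# Toy discrete-log group standing in for the real public-key algorithm (assumption).
P = 2**255 - 19
G = 2

def kdf(passphrase: str, salt: bytes) -> bytes:
    # Iteration count kept low so the demo runs quickly; not a recommended setting.
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 10_000, dklen=32)

def public_from_private(priv: bytes) -> int:
    return pow(G, int.from_bytes(priv, "big"), P)

def derived_identity(username: str, passphrase: str) -> int:
    """Design A: the private key is a function of the passphrase and a public salt."""
    return public_from_private(kdf(passphrase, username.encode()))

def random_identity(passphrase: str):
    """Design B: random private key; the service stores it wrapped under the passphrase."""
    priv = secrets.token_bytes(32)
    salt = secrets.token_bytes(16)
    # XOR with KDF output stands in for real authenticated encryption (assumption).
    wrapped = bytes(a ^ b for a, b in zip(priv, kdf(passphrase, salt)))
    return public_from_private(priv), salt, wrapped

def unwrap(passphrase: str, salt: bytes, wrapped: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(wrapped, kdf(passphrase, salt)))

def public_key_confirms(username: str, public: int, guess: str) -> bool:
    """Can a party holding only the public key tell whether a passphrase guess is right?"""
    return derived_identity(username, guess) == public

def blob_confirms(public: int, salt: bytes, wrapped: bytes, guess: str) -> bool:
    """The same check, but it needs the wrapped key fetched after login or stolen."""
    return public_from_private(unwrap(guess, salt, wrapped)) == public

if __name__ == "__main__":
    secret = "constructed sample passphrase"
    pub_a = derived_identity("alice", secret)
    pub_b, salt, wrapped = random_identity(secret)
    print("A, public key only:", public_key_confirms("alice", pub_a, secret))
    print("B, public key only:", public_key_confirms("alice", pub_b, secret))
    print("B, with stored blob:", blob_confirms(pub_b, salt, wrapped, secret))
```

In design A the public key alone is enough to confirm a passphrase guess; in design B that confirmation is only possible for someone who also holds the wrapped private key.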
