I think my only complaint (that doesn't seem to be mentioned, though I could
have missed it) is that the email address is generated with your key. This
means that you have to create a whole new email account every 6 - 12 months for
optimal security. I would suggest that you should allow people to alias their
username to their email address, but also realize that doing so would kill one
of your security advantages.

On 2013-08-27, at 3:05 AM, DC wrote:
> Hi all,
>
> Just arrived in Seoul! I'm travelling this week, sorry for the delayed
> replies.
>
> Thanks for all the feedback. I'll try to answer all in one email:
>
>
> > From: h0ost
> > Hi DC,
> > Thanks for sharing this project.
> > I'd like to install it on a server and play with it, but can't find an install doc.
> > https://github.com/dcposch/scramble/blob/master/doc/how.md references a Quick Start, but I can't seem to find it.
> > I'm sure I'm overlooking something, but thought I'd check first.
> > Thanks.
> > Host
>
> I hadn't published the Quick Start yet. My mistake.
> I'll try to correct that today, and I'll send out the URL.
>
>
> > From: The Doctor
> > To: liberationtech@lists.stanford.edu
> > [...]
> > scramble.io does not play nicely with the Tor Browser Bundle:
> > [...]
> > Problematic.
>
> You're right. Unfortunately, this is tricky to fix!
>
> It's critical to security that the PGP key pair be generated on the client,
> and the server never sees the (plain) private key.
> To generate a key pair on the client, you need a secure random number
> generator.
> This is a new JS API that doesn't exist in older browsers, including the Tor
> Browser Bundle's version of Firefox :(
>
> So Scramble over Tor won't be solved until one of two things happens:
> * The Tor Browser Bundle upgrades to a more recent Firefox
> * Someone makes an easy-to-use Chromium+Tor bundle
>
>
> > From: Griffin Boyce
> [...]
> > It should give an option to continue anyway, tbh.
>
> See above---can't generate the key pair.
> Maybe I'll simply remove the Generate Account button on older browsers.
> When the secure RNG API is missing, you *could* log into an existing account,
> but can't create a new one.
>
> That feels a bit dirty, though.
>
>
> > From: Nicolai
> > Cool idea. This is also similar to CurveCP and DNSCurve. [...]
> > But I think you meant to say the Base32 encoding of one's public key,
> > not the hash, right?
> > Nicolai
>
> Same format as Onion URLs: Base32 encoding of the first 80 bits of
> SHA1(PubKey)
>
>
> > From: Tom Ritter
> [...]
> > I feel compelled to point out the precedence here. This is a problem known as Zooko's Triangle
> > https://en.wikipedia.org/wiki/Zooko's_triangle
>
> Yes! Out of security, decentralization, and short names, you can only pick
> two.
>
> So HTTPS gives you security and short names (eg "paypal.com"), at the cost of
> placing trust in a centralized system (the CAs).
> Scramble, SSH fingerprints, Onion URLs, and others make the opposite
> tradeoff: security+decentralization, but now your identifiers are hashes.
>
> I think the consistent lesson of Prism, Lavabit, Freedom Hosting, etc is that
> anything centralized is inherently vulnerable. Hence the choice.
>
>
> > From: Ali-Reza Anghaie
> > To: liberationtech
> [...]
> > I'm conceptually really curious about various aspects but before I
> > forget - this time - I'd like to ask two broader questions first:
> > - Is this in any way an officially "backed" project in any way? Part of a thesis or what-not let's say?
>
> Nope. So far, this is just my weekend project over the past four or five
> weekends :)
> Several friends have helped me refine the ideas. So far I've written all the
> code.
> Hopefully that will change soon!
>
> https://github.com/dcposch/scramble
>
>
> > From: Michael Rogers
> > Hi DC,
> > Thanks for the reply. Responses to your responses inline. ;-)
> [...]
> > 80 bits may not be enough to defend against a well-funded adversary
> > these days - that's one aspect of the Tor hidden services design that
> > "needs some love".
> > https://blog.torproject.org/blog/hidden-services-need-some-love
>
> Interesting! I'll read about it more carefully.
> (Note that in the entire history of Bitcoin, the smallest hash a miner has
> found starts with less than 80 zero bits.
> So impersonating an Onion URL or Scramble address would take roughly more
> than the *total* computation done by all Bitcoin miners to date.
> I think this is quite good.)
>
> > [...]
> > What block cipher mode of operation do you use? If the mode of
> > operation requires padding, what padding scheme do you use? Do you
> > authenticate the ciphertext? If so, what MAC function do you use, and
> > how do you derive the MAC key?
>
> OpenPGP.js defaults. I'll give you a better answer soon.
>
> (Re: authenticating the ciphertext: not yet, but I should.
> Messages and bodies are currently PGP RSA-encrypted messages, but not signed.
> Wh