Re: [cryptography] Introducing SC4 -- feedback appreciated

2015-04-18 Thread Ben Laurie
On 18 April 2015 at 00:51, Tony Arcieri wrote: > On Fri, Apr 17, 2015 at 11:56 AM, Ron Garret wrote: >> >> The fact that to use PGP you have to install an application. (This is >> true for Peerio as well.) That turns out to be too much friction for most >> people. Whenever you have to install

Re: [cryptography] Introducing SC4 -- feedback appreciated

2015-04-17 Thread Ron Garret
On Apr 17, 2015, at 6:59 PM, Tony Arcieri wrote: > On Fri, Apr 17, 2015 at 4:25 PM, Ron Garret wrote: > Why should anyone trust anyone’s web page? When was the last time you > obtained a software application that was *not* delivered via the web? > > There's a big difference between a web pag

Re: [cryptography] Introducing SC4 -- feedback appreciated

2015-04-17 Thread Tony Arcieri
On Fri, Apr 17, 2015 at 4:25 PM, Ron Garret wrote: > Why should anyone trust anyone’s web page? When was the last time you > obtained a software application that was *not* delivered via the web? > There's a big difference between a web page with JavaScript loaded in a browser and a static artif

Re: [cryptography] Introducing SC4 -- feedback appreciated

2015-04-17 Thread Ron Garret
On Apr 17, 2015, at 3:51 PM, Tony Arcieri wrote: > On Fri, Apr 17, 2015 at 11:56 AM, Ron Garret wrote: > The fact that to use PGP you have to install an application. (This is true > for Peerio as well.) That turns out to be too much friction for most people. > Whenever you have to install

Re: [cryptography] Introducing SC4 -- feedback appreciated

2015-04-17 Thread Tony Arcieri
On Fri, Apr 17, 2015 at 11:56 AM, Ron Garret wrote: > The fact that to use PGP you have to install an application. (This is > true for Peerio as well.) That turns out to be too much friction for most > people. Whenever you have to install an application you have to decide > whether or not you

Re: [cryptography] Introducing SC4 -- feedback appreciated

2015-04-17 Thread Ron Garret
On Apr 17, 2015, at 12:32 PM, z...@manian.org wrote: > I don't think this really solves any actual crypto problems. Just to be clear, I’m not claiming to solve any actual crypto problems. I’m claiming (or maybe “aiming” is a better word) to solve a UI/UX problem. > I also suspect it's pretty

Re: [cryptography] Introducing SC4 -- feedback appreciated

2015-04-17 Thread z...@manian.org
I don't think this really solves any actual crypto problems. I also suspect it's pretty hard to solve any of the big problems while retaining this level of simplicity. But I'm sure you'll learn stuff along the way. More inline. On Fri, Apr 17, 2015 at 12:04 PM, Ron Garret wrote: > > On Apr 17, 2

Re: [cryptography] Introducing SC4 -- feedback appreciated

2015-04-17 Thread Ron Garret
On Apr 17, 2015, at 12:04 PM, stef wrote: > On Fri, Apr 17, 2015 at 11:56:48AM -0700, Ron Garret wrote: >> On Apr 17, 2015, at 11:27 AM, Dominik Schuermann >> wrote: >>> what problem of traditional PGP implementations did you solve? >> >> The fact that to use PGP you have to install an applica

Re: [cryptography] Introducing SC4 -- feedback appreciated

2015-04-17 Thread stef
On Fri, Apr 17, 2015 at 11:56:48AM -0700, Ron Garret wrote: > On Apr 17, 2015, at 11:27 AM, Dominik Schuermann > wrote: > > what problem of traditional PGP implementations did you solve? > > The fact that to use PGP you have to install an application. (This is true > for Peerio as well.) That t

Re: [cryptography] Introducing SC4 -- feedback appreciated

2015-04-17 Thread Ron Garret
On Apr 17, 2015, at 11:26 AM, z...@manian.org wrote: > At some level, this is in the same conceptual space as Peerio / Minilock. That’s right. > The primary notable difference I see is you have used a binary format for > keys and messages. That’s not the main difference that I claim. The mes

Re: [cryptography] Introducing SC4 -- feedback appreciated

2015-04-17 Thread Ron Garret
On Apr 17, 2015, at 11:27 AM, Dominik Schuermann wrote: > what problem of traditional PGP implementations did you solve? The fact that to use PGP you have to install an application. (This is true for Peerio as well.) That turns out to be too much friction for most people. Whenever you hav

Re: [cryptography] Introducing SC4 -- feedback appreciated

2015-04-17 Thread Dominik Schuermann
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, what problem of traditional PGP implementations did you solve? * Looks like key exchange problem is still present (sent by mail) * Any key authentication? I don't see any verification or certification model. Regards Dominik On 04/17/2015 08:21

Re: [cryptography] Introducing SC4 -- feedback appreciated

2015-04-17 Thread z...@manian.org
At some level, this is in the same conceptual space as Peerio / Minilock. The primary notable difference I see is you have used a binary format for keys and messages. Minilock uses a compressed curve25519 point without any metadata as public key. This is more compact than your format. It'sBase58

Re: [cryptography] Introducing SC4 -- feedback appreciated

2015-04-17 Thread stef
ohio, On Fri, Apr 17, 2015 at 10:56:01AM -0700, Ron Garret wrote: > 1. It is a standalone web application. putting keys in the browser is like putting keys in front of a dmz. browsers are not designed for this, they are designed for delivering impressions and services to you. the security featur

[cryptography] Introducing SC4 -- feedback appreciated

2015-04-17 Thread Ron Garret
TL;DR: I took tweet-NaCl-JS and wrapped a little PGP-like webapp around it. I would like to solicit feedback and code review from this community before I submit it for a formal audit and release it to the general public. Links: Source code: https://github.com/Spark-Innovations/SC4 Live demo: