Hi Jed, 

I think you are mixing 2 things here: 

1) Your title says: "[TW5] TWederation and SJCL.js for public key 
cryptography"
2) TW uses a Password encryption at the moment.

You can't really use the existing (2) mechanism if you don't want to use an 
external key store, because it leads to your conclusion: 

> I have read a tiny bit about processes for taking a password and generating 
> a private key from it, but I am not sure how much they would apply in this 
> context since everything about how the password is converted to the private 
> key would be on the wiki and therefore assumed to be publicly viewable. I 
> don't know specifics of how this works so at the moment it is just 
> brainstorming. 
>

This means no encryption at all. So that's not the way :)

------------

Re 1) Your title says: "[TW5] TWederation and SJCL.js for public key 
cryptography"

So you are talking about PGP like encryption, that uses a private and 
public key pair. Which immediately brings the "key management problem" with 
it, as you point out. 

So one "hypothetical" but really bad solution would be to store the public 
and the private key in the TW, but encrypt the private key with a password. 

So the one with the password can recreate the "private key" and use it to 
decrypt the tiddler. -> This mechanism has the exact same result as the 
password method. ... So it's pretty much useless for increasing security. It 
just makes everything more complicated. 



Re 2) TW uses a password encryption at the moment, which does this:

 - If you want to encrypt the tiddler store you "enter a password".
 - This password is made stronger, using some "salt" and many iterations 
(see [1-5]).
    - A key is created, that is used to encrypt the message (tiddlers). 
Described in [5] and [4].
    - This process creates the same key on every computer -> if you know 
the password. [2]
    - The salt value and the number of iterations are there to make 
several attacks against the password harder. [5]
    - The default values used are, imo, not changed by TW since [1] says 
they are sensible. Look at Wikipedia [5] about this. 


I think, we need a different discussion first. 
... more replies to follow

have fun!
mario

[1] http://bitwiseshiftleft.github.io/sjcl/ paragraph 4 about PBKDF2
[2] https://github.com/Jermolene/TiddlyWiki5/blob/master/boot/boot.js#L600
[3] http://bitwiseshiftleft.github.io/sjcl/doc/symbols/sjcl.html
[4] http://bitwiseshiftleft.github.io/sjcl/doc/symbols/src/core_convenience.js.html
[5] https://en.wikipedia.org/wiki/PBKDF2

