[messaging] Multiple devices and key synchronization: some thoughts
sam at samlanning.com
Sat Jan 3 12:30:22 PST 2015
On 03/01/15 20:05, Trevor Perrin wrote:
> On Sat, Jan 3, 2015 at 10:04 AM, Sam Lanning <sam at samlanning.com> wrote:
>> When prompted to create a new ID, a user enters their full name, and a
>> password (with appropriate UI to encourage strong passwords). Now this
>> data is then solely used to generate pseudorandom data for key
>> generation of the master keypair. (e.g. using PBKDF2)
> This means anyone who receives or sees one of your messages can
> attempt password cracking.
> It would probably have the same useability and better security if you
> generated the master key through a secure RNG, then encrypted the
> master private key with the password and synchronized the encrypted
> blob to your devices through some service.
> Then only the service could attempt password cracking.
> I'm not taking a position whether any of this is a good idea.
> User-chosen passwords are often weak. But this flexibility is at
> least possible with the "synchronize the master private key" between
> devices approach, which I've been advocating.
Infact, we could get the exact same usability if we used a single
password for the encryption and authentication to 3rd party service.
We could do something like this:
password + hashed name / email as salt
-> PBKDF2 (n rounds)
-> authentication keypair (for 3rd parties where encrypted data is
obtain encrypted data + salt
password + salt
-> PBKDF2 (n rounds)
-> encryption key (symmetric)
This still allows for:
* never storing master key unencrypted anywhere
* everything else I mentioned in my previous message.
But also means:
* only the third party service can attempt password cracking.
* your identity does not depend on your password
The only downside this has compared to the previous idea is that you
rely on a 3rd party service for availability, which is probably fine as
everything nowadays does anyway...
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 949 bytes
Desc: OpenPGP digital signature
More information about the Messaging