jonathan at titanous.com
Fri Feb 27 14:24:39 PST 2015
> On Feb 27, 2015, at 10:08 AM, Nadim Kobeissi <nadim at nadim.computer> wrote:
> This is by no means a bad idea. But considering the server as part of the adversarial model, this proposition doesn't seem to help much, since:
> Anyone with access to the server can simply hoover up all the passphrase-encrypted private keys, and then try to crack them in the same way by searching through the space of possible passphrases. This is why it's better, I think, to focus on ensuring that the passphrase space search *itself* is exceedingly expensive in the first place, hence the strict passphrase requirements and the strong scrypt derivation rounds.
I’m not sure how publishing passphrase-encrypted private keys to the world (in the public key form of “brain keys”) can be *better* than restricting access to encrypted random private keys to a server that is already privileged with access to communications metadata. As long as the algorithm and passphrase entropy are exactly the same for both, storing encrypted random private keys on a server somewhere is *strictly better* than using the equivalent “brain key”. Am I missing something?