[messaging] Peerio

Trevor Perrin trevp at trevp.net
Fri Jan 16 19:20:55 PST 2015


On Sat, Jan 17, 2015 at 3:07 AM, Watson Ladd <watsonbladd at gmail.com> wrote:
>
> It's important to note that the attacks are parallel: I can get
> everyone using "Bob is my uncle" as a passphrase with one go. This is
> because minilock doesn't have a concept of user identity beyond the
> public key. This makes the attack much more productive than when
> attacking salted passwords.

Not true - the password hashes are salted: miniLock asks for your
email address, Peerio uses the user ID.

Trevor


More information about the Messaging mailing list