[messaging] Peerio

[Mike Hearn]

The thing that interests me about this decision, is that people who are
afraid of nation-state level adversaries can easily generate a Bitcoin
style 12 random words type passphrase that has guaranteed high entropy, but
everyone else can just use a regular password or phrase. However from the
perspective of an adversary who wants to go trawling through the mail
stream they look identical. You can't know how strong a key is until you
actually try to crack it.

So if some users have very strong passwords and others have weaker
crackable passwords, that still provides some herd immunity because simply
using encrypted messaging no longer makes you interesting and worth running
a key cruncher over.

If Peerio was using forward secrecy, this effect would be multiplied
manyfold. An attacker who was wanting to algorithmically identify (for
example) everyone discussing a certain topic in a country would be unable
to do much, even if many of the participants were using weak keys.

It may be that this is one of those times when "worse is better".
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20150227/b8458ee9/attachment.html>