[messaging] Peerio
Trevor Perrin
trevp at trevp.net
Fri Feb 27 09:38:56 PST 2015
On Thu, Feb 26, 2015 at 1:36 PM, Nadim Kobeissi <nadim at nadim.computer> wrote:
>
> I think storing the private key in the user's brain, in the form of a
> passphrase, is more secure than having it lying around on every computer
> they use for crypto in the form of a PGP key file.
I don't see that. With respect to offline passphrase cracking, the
peerio approach seems less secure than the PGP approach:
Having a passphrase-encrypted private key "lying around on every
computer they use" - like PGP - means offline-cracking can only be
attempted by attackers who steal that file.
Having a passphrase-generated private key - like peerio - means
offline-cracking can be attempted by anyone who sees your public key.
So the peerio approach has the same security as if you were
transmitting your private-key file alongside your public key, which
exposes it *much* more widely.
> Deriving private keys
> from a strong passphrase offers an ephemeral portability, where I can carry
> my key identity with me in my head, use it on any computer, without
> permanently any private key information on said computer (that is, unlike
> PGP.) When I'm using a trusted friend's computer, or when I buy a new one, I
> can be all set just by entering my passphrase and logging in like I'd log
> into Gmail or Facebook. I think this is very important for people to be able
> to do.
OK, so you want anyone to be able to login to the peerio service, from
a new computer, with just their user-chosen passphrase. That can be
easily done *without* a passphrase-generated private key:
- private keys are generated at random
- the service stores a passphrase-encrypted private key
- after login, the passphrase-encrypted private key is fetched by the user
This has the same useability as your solution, but doesn't enable your
correspondents to attempt offline password-cracking. So
passphrase-generated private keys in peerio still seem strictly
inferior to the traditional approach (generating keys from a strong
RNG).
What am I missing?
Trevor
More information about the Messaging
mailing list