[messaging] Peerio

Trevor Perrin trevp at trevp.net
Fri Feb 27 09:38:56 PST 2015

On Thu, Feb 26, 2015 at 1:36 PM, Nadim Kobeissi <nadim at nadim.computer> wrote:
> I think storing the private key in the user's brain, in the form of a
> passphrase, is more secure than having it lying around on every computer
> they use for crypto in the form of a PGP key file.

I don't see that.  With respect to offline passphrase cracking, the
peerio approach seems less secure than the PGP approach:

Having a passphrase-encrypted private key "lying around on every
computer they use" - like PGP - means offline-cracking can only be
attempted by attackers who steal that file.

Having a passphrase-generated private key - like peerio - means
offline-cracking can be attempted by anyone who sees your public key.

So the peerio approach has the same security as if you were
transmitting your private-key file alongside your public key, which
exposes it *much* more widely.

> Deriving private keys
> from a strong passphrase offers an ephemeral portability, where I can carry
> my key identity with me in my head, use it on any computer, without
> permanently any private key information on said computer (that is, unlike
> PGP.) When I'm using a trusted friend's computer, or when I buy a new one, I
> can be all set just by entering my passphrase and logging in like I'd log
> into Gmail or Facebook. I think this is very important for people to be able
> to do.

OK, so you want anyone to be able to login to the peerio service, from
a new computer, with just their user-chosen passphrase.  That can be
easily done *without* a passphrase-generated private key:
 - private keys are generated at random
 - the service stores a passphrase-encrypted private key
 - after login, the passphrase-encrypted private key is fetched by the user

This has the same useability as your solution, but doesn't enable your
correspondents to attempt offline password-cracking.  So
passphrase-generated private keys in peerio still seem strictly
inferior to the traditional approach (generating keys from a strong

What am I missing?


More information about the Messaging mailing list