[messaging] Peerio

Jonathan Rudenberg jonathan at titanous.com
Fri Feb 27 18:22:19 PST 2015

> On Feb 27, 2015, at 5:18 PM, Ben Harris <mail at bharr.is> wrote:
> I think Nadim's point is that the encrypted storage can lull people into a false sense of security so they use a weak passphrase for the encryption.

I think that the same people that understand the threat model wouldn’t make the mistake of trusting an arbitrary external host with weakly encrypted private keys.

> Building the system so as to be secure in the "offline attack is possible" scenario means it will still be secure in the "server protects against offline attack" scenario.

Yes, I agree.


More information about the Messaging mailing list