jonathan at titanous.com
Fri Feb 27 18:22:19 PST 2015
> On Feb 27, 2015, at 5:18 PM, Ben Harris <mail at bharr.is> wrote:
> I think Nadim's point is that the encrypted storage can lull people into a false sense of security so they use a weak passphrase for the encryption.
I think that the same people that understand the threat model wouldn’t make the mistake of trusting an arbitrary external host with weakly encrypted private keys.
> Building the system so as to be secure in the "offline attack is possible" scenario means it will still be secure in the "server protects against offline attack" scenario.
Yes, I agree.