[messaging] Peerio

Trevor Perrin trevp at trevp.net
Sat Feb 28 12:19:02 PST 2015

On Sat, Feb 28, 2015 at 11:57 AM, Nadim Kobeissi <nadim at nadim.computer> wrote:
> Re. Trevor and dkg,
> I easily concede that further study is required. If it turns out our current
> passphrase model is not expensive enough, I'll hold myself to updating the
> Peerio client to have more stringent parameters on how generation is
> handled.

IIRC, miniLock originally focused on the software choosing a random
passphrase for the user, instead of user choice?

That gives you good control of the passphrase entropy.  If you're
taking any approach where a passphrase-encrypted private-key is
exposed to other users or the server, that's what I'd recommend.

I'd also consider making server storage of the passphrase-encrypted
private-key optional, since I think for many users it's an unnecessary

(But this would require considering the use cases for key portability
in more detail, which might be a good further thread - multidevice,
lost-device, internet cafe, etc.)


More information about the Messaging mailing list