[messaging] Secure OpenPGP Key Pair Synchronization via IMAP (RFC)

Daniel Roesler diafygi at gmail.com
Thu Apr 9 18:55:22 PDT 2015


Thanks for the post!

A few very minor questions, in regards to the packet format.

Is there a reason why you've tied the number of PBKDF2 iterations to the
version number? Other frameworks like Django separate out the number
of iterations so that the default can be increased over time without
having to make new versions[1].

Also, in the same vein, Django's default is 24,000 iterations[2].
LastPass uses 100,000[3]. Any particular reason you settled on 10,000?

-Daniel

[1]: https://github.com/django/django/blob/master/django/contrib/auth/hashers.py#L232
[2]: https://github.com/django/django/commit/c51258882bbf388f5c4cfc379340097ebe9beda9
[3]: https://blog.lastpass.com/2011/05/lastpass-security-notification.html/

On Wed, Apr 8, 2015 at 5:37 AM, Tankred Hase <tankred at whiteout.io> wrote:
> Hi there,
>
> we've updated our private key synchronization protocol. The new
> version was developed together with Cure53 and it's much simpler than
> the old protocol:
>
> https://blog.whiteout.io/2015/04/08/secure-pgp-key-sync-a-proposal-contd/
>
> The Enigmail developers have also expressed interest, so we would be
> open to standardize it as an RFC if enough vendors back it.
>
> Thanks for any feedback.
>
> Kind regards,
> Tankred
>
> --
> Whiteout Networks GmbH c/o Werk1
> Grafinger Str. 6
> D-81671 München
> Geschäftsführer: Oliver Gajek
> RG München HRB 204479
> _______________________________________________
> Messaging mailing list
> Messaging at moderncrypto.org
> https://moderncrypto.org/mailman/listinfo/messaging
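
The separation Daniel asks about, sketched as an added example that is not part of the thread, the Whiteout proposal, or Django's code: the iteration count travels in the record, so the default can rise without a new format version and older records can be flagged for re-derivation. The record layout, the function names and the MIN/MAX bounds are assumptions for illustration; the derived key is stored as a verifier here, as a password hasher would, whereas a key-sync packet would use it as the encryption key.

```python
import hashlib
import hmac
import os

# Assumed values for illustration; none come from the proposal under discussion.
DEFAULT_ITERATIONS = 24000   # current default, can be raised without a new format version
MIN_ITERATIONS = 10000       # reject records weaker than this (downgrade guard)
MAX_ITERATIONS = 1000000     # cap the work an untrusted record can demand


def derive_record(passphrase, iterations=DEFAULT_ITERATIONS, salt=None):
    """Return 'pbkdf2_sha256$<iterations>$<salt hex>$<key hex>' (hypothetical format)."""
    salt = os.urandom(16) if salt is None else salt
    key = hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt, iterations)
    return "$".join(["pbkdf2_sha256", str(iterations), salt.hex(), key.hex()])


def parse_record(record):
    """Split a record and validate the iteration count before doing any KDF work."""
    algorithm, iterations, salt_hex, key_hex = record.split("$")
    if algorithm != "pbkdf2_sha256":
        raise ValueError("unsupported algorithm")
    iterations = int(iterations)
    if not MIN_ITERATIONS <= iterations <= MAX_ITERATIONS:
        raise ValueError("iteration count out of accepted range")
    return iterations, bytes.fromhex(salt_hex), bytes.fromhex(key_hex)


def verify(passphrase, record):
    """Return (matches, needs_upgrade) using the count stored in the record itself."""
    iterations, salt, expected = parse_record(record)
    key = hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt, iterations)
    matches = hmac.compare_digest(key, expected)
    # Only a successful check justifies re-deriving with the current default.
    return matches, matches and iterations < DEFAULT_ITERATIONS


if __name__ == "__main__":
    old = derive_record("correct horse", iterations=10000)  # constructed sample
    print(verify("correct horse", old))
    print(verify("correct horse", derive_record("correct horse")))
```

Because the count is read from stored data, the range check runs before any key derivation: a tampered record can neither force a trivially weak derivation nor demand unbounded work.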

