> On Feb 27, 2015, at 5:18 PM, Ben Harris <[email protected]> wrote: > > I think Nadim's point is that the encrypted storage can lull people into a > false sense of security so they use a weak passphrase for the encryption.
I think that the same people that understand the threat model wouldn’t make the mistake of trusting an arbitrary external host with weakly encrypted private keys. > Building the system so as to be secure in the "offline attack is possible" > scenario means it will still be secure in the "server protects against > offline attack" scenario. Yes, I agree. Jonathan _______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
