On Sat, Feb 28, 2015 at 11:57 AM, Nadim Kobeissi <[email protected]> wrote: > Re. Trevor and dkg, > I easily concede that further study is required. If it turns out our current > passphrase model is not expensive enough, I'll hold myself to updating the > Peerio client to have more stringent parameters on how generation is > handled.
IIRC, miniLock originally focused on the software choosing a random passphrase for the user, instead of user choice? That gives you good control of the passphrase entropy. If you're taking any approach where a passphrase-encrypted private-key is exposed to other users or the server, that's what I'd recommend. I'd also consider making server storage of the passphrase-encrypted private-key optional, since I think for many users it's an unnecessary risk. (But this would require considering the use cases for key portability in more detail, which might be a good further thread - multidevice, lost-device, internet cafe, etc.) Trevor _______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
