by poolpool on 7/19/14, 9:04 PM with 82 comments
by wyager on 7/19/14, 10:46 PM
This is because it is possible to attack large numbers of passphrases at once, and it is possible to harvest large numbers of targets from public databases of public keys.
Additionally, entropy estimation tools generally are not good at accounting for the fact that human behavior results in non-obvious biases and patterns in passphrase selection.
To see an example of this model failing on a large scale, look at the number of Bitcoin "brain wallets" that have been hacked, despite having apparently strong keys.
by achivetta on 7/20/14, 7:22 AM
If my passphrase gets compromised, I have to retire the keypair.
That's true of a key file with current asymmetric systems; but, presently if the passphrase of my GPG private key is compromised (e.g. by a hardware key logger), I only have to change the passphrase and ensure the old keyfiles are destroyed.
With MiniLock, if my passphrase is compromised the entire key material is compromised and I need to revoke the public key. But how do I revoke it? Do I tweet a message with the private key saying the public key is revoked? Will there be a centralized place to publish revocation messages? Efficient key revocation will be absolutely critical to this system and that's hard if the key distribution mechanism is tweets or some other ad hoc mechanism. This is one thing that PGP key servers really help with.
by deathanatos on 7/20/14, 1:58 AM
Am I wrong? Doesn't this seem much easier to brute force than a RSA key? (Presuming the private key hasn't been compromised; if it has, it's likely protected by a password, and then these two are about equal.)
¹accepting that some will get rejected because of "uses the zxcvbn library in order to impose a strict limit on the amount of detected entropy present in entered passphrases. miniLock will not allow passphrases that fall below the threshold of 100 bits of entropy"
by lolbrainwallets on 7/19/14, 11:17 PM
"the quick brown fox jumps over the lazy dog" has 111 bits of entropy according to zxcvbn.
by eliteraspberrie on 7/20/14, 2:06 AM
I say that because I don't trust the zxcvbn library. It underestimates the entropy of "aaaaa" as 7 bits [log(26 * 5)], not the correct value of 23 bits [log(26) * 5], for example. In this instance, it's to your advantage, but it doesn't inspire confidence in its other calculations.
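As an added illustration of the two estimates compared in the comment above (example code written for this page, not part of the thread or of zxcvbn): the per-character model gives log2(26)*5 bits for "aaaaa", while a pattern-aware model that prices a repeated character at alphabet * repeat_count gives log2(26*5). The 100-bit threshold and the guess rate are assumptions taken from the thread and constructed for comparison.

```python
import math

ALPHABET = 26          # lowercase letters, as in the thread's "aaaaa" example
THRESHOLD_BITS = 100   # miniLock's stated minimum, as quoted in the thread


def naive_bits(passphrase: str, alphabet: int = ALPHABET) -> float:
    """Per-character model: every character independent, log2(N) bits each."""
    return math.log2(alphabet) * len(passphrase)


def repeat_aware_bits(passphrase: str, alphabet: int = ALPHABET) -> float:
    """Pattern-aware model for one repeated character, reproducing the figure
    quoted in the thread: an attacker who tries 'x' repeated k times for every
    x and every k needs only about N * k guesses, so the cost is log2(N * k).
    Anything else falls back to the naive model (a real estimator such as
    zxcvbn has many more pattern matchers; this is a simplified stand-in)."""
    if len(passphrase) > 0 and len(set(passphrase)) == 1:
        return math.log2(alphabet * len(passphrase))
    return naive_bits(passphrase, alphabet)


def meets_threshold(bits: float, threshold: float = THRESHOLD_BITS) -> bool:
    """Policy check in the spirit of the quoted 100-bit minimum."""
    return bits >= threshold


def expected_crack_seconds(bits: float, guesses_per_second: float = 1e10) -> float:
    """Expected time to search half the space at a constructed guess rate.
    Absolute numbers depend on the KDF and hardware; the point is the gap
    between the two estimates for the same string."""
    return (2.0 ** bits) / 2.0 / guesses_per_second


def compare(passphrase: str) -> dict:
    """Side-by-side view of both estimates and whether each passes the bar."""
    naive = naive_bits(passphrase)
    aware = repeat_aware_bits(passphrase)
    return {
        "naive_bits": naive,
        "repeat_aware_bits": aware,
        "naive_passes": meets_threshold(naive),
        "repeat_aware_passes": meets_threshold(aware),
        "crack_seconds_naive": expected_crack_seconds(naive),
        "crack_seconds_aware": expected_crack_seconds(aware),
    }


if __name__ == "__main__":
    for sample in ("aaaaa", "a" * 22, "thequickbrownfoxjumpsover"):  # constructed
        print(sample, compare(sample))
```

Twenty-two repeated lowercase letters clear the 100-bit bar under the naive model but come in under 10 bits under the repeat-aware one, which is the overestimate the comment is warning about.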
by polvi on 7/20/14, 3:03 PM
Even if we do not like it, right now state of the art on file sharing (for most of the non-technical world) is an unencrypted email attachment. MiniLock looks like it might be something I can install on my mother's (non-technical) computer so that I can send her a sensitive doc (copy of my tax return, for example). This crypto system is sufficient for that use case, and the alternative is to do nothing at all. The alternatives are not GPG, or RSA, or whatever, because outside of the technical community people have no idea how to use these things.
by simik on 7/19/14, 10:55 PM
by rgj on 7/20/14, 9:16 AM
Many years ago, people realised you need to rely on something more than knowledge (of a password/passphrase) alone. Pick any two out of {something you know, something you own, something you are}, the latter being implemented by biometry.
That's why you need your ATM card, and why it has a PIN code.
This is a step back into a world where security wasn't good enough. Security is more than crypto alone, it's mainly about keeping things secret. There are too many ways a passphrase could be compromised or discovered.
This approach focuses too much on the crypto aspects, and not enough on all the other things involved in building something that is secure.
by kijin on 7/20/14, 12:10 AM
by viralpoetry on 7/20/14, 9:22 AM
by Toad_King on 7/20/14, 5:08 AM
by gdi2290 on 7/20/14, 1:15 AM
by edoceo on 7/20/14, 5:44 PM
Not less than 70 characters; "less than half a tweet".