Hacker News new | ask | show | jobs
by libertymcateer 3397 days ago
I'm also interested to know.

Believe it or not, I would love to get Nik as a consultant. I fear my 'hubris' (I won't deny it, this idea is extraordinarily ambitious and I have to be arrogant to even conceive of it) will have pissed him off irrevocably.

That aside, I don't really follow his point on the login PW. I understand 8 char alphanum pw is pretty low entropy... but that isn't used for encryption. And the login attempt rate is pretty strictly rate limited.

And yes, I am getting professionals - not me - to do the heavy lifting. I wrote the proof of concept. I am in no way surprised to find it has issues - I am aware of a few others myself.
1 comments
nikcub 3397 days ago
It isn't the login password but the message password - although using sha256 for a login password isn't great either

if you're doing

aes(plaintext, sha2(password)) = cyphertext

given cyphertext I can get to plaintext with sha2(8-char dictionary)

well designed systems will generate a truly random key there, exchanged using public-key. if you're going to use a password, you need a key-derivation algorithm

this is all bunk tho since the big vulnerability here is that you're delivering the encryption routines via javascript in a global browser space

link
libertymcateer 3397 days ago
> this is all bunk tho since the big vulnerability here is that you're delivering the encryption routines via javascript in a global browser space

So what about mailvelope?

link
libertymcateer 3397 days ago
Nm, I understand your point, and yes, no contest. The extension is being broken up and will communicate with the environment on the tab with sent messages, rather than just injecting the whole content script. I hear your point loud and clear.
link
nikcub 3396 days ago
You're not taking your own advice from two comments up :)
link
libertymcateer 3396 days ago
Regarding professionals? I hear you - loud and clear.

I want you to know, very sincerely, I appreciate your feedback over the past two days.

Some lessons (re-)learned:

* Security is a conclusion, not an assertion - it is improper to present a system as secure without evidence. * I am not, nor will I ever be, qualified to provide a conclusion regarding security. * The language on the homepage needs to be clear in this regard without being 'cute.' * If I ever post on HN regarding security, either use evidentiary sources to back my points on provide code.

Thanks for the reality check.

link