Hacker News new | ask | show | jobs
by divyekapoor 1270 days ago
Hate to be that guy that ruins your security researcher dreams. Your Argon2 memory hard function is useful against mass surveillance and belongs in mass market products. Let's leave it there.

Despite your protests, for an average joe who just wants to stash a secret somewhere and not have it in plaintext, this is absolutely ok.
1 comments
maqp 1270 days ago
There is no reason not to use Argon2 in place of weaker alternative, especially when there's no UX overhead.

The threat model "for an average Joe who just wants to stash a secret somewhere and not have it in plaintext" should probably be written in red, font size 48.

But take a look what the author is actually saying it can be used for, i.e. to "securely store passwords". The currently available tools like KeepassXC that do just that, also use Argon2.

"Your Argon2 memory hard function is useful against mass surveillance and belongs in mass market products."

Well if this product isn't for mass-market, it's for niche use, and here I thought niche products are usually for the special security cases for people who need extra security, but you're implying average Joes should NOT use mass market grade security but something niche and less secure.

link
mprime1 1270 days ago
Author here.

Thank you for mentioning Argon2, I didn't know about it. https://en.wikipedia.org/wiki/Argon2

> There is no reason not to use Argon2

In this case, the reason for not using Argon2 is that it's not available: https://www.w3.org/TR/WebCryptoAPI/

> Well if this product isn't for mass-market

This is a demo for self-contained HTML encrypted secrets. Do with it what you want. Definitely not a product in the current format.

link
maqp 1270 days ago
In this case, the reason for not using Argon2 is that it's not available

Then it would naturally follow you wouldn't want to implement password-dependent security systems in JS.

I can respect the HTML file that stores an encrypted note. I just struggle in finding the use case given how files are supposed to be shared using secure platforms, and how client-side encrypted cloud and FDE take care of user's personal file confidentiality.

Perhaps you can just send a self-extracting piece and perhaps it's safe enough to deliver the password over the phone, but generally when your adversary sits in the backbone of the internet (i.e. when your default email isn't secure to begin with), you're in a world of problems. Even IF you're avoiding incidental collection, defaulting to any opportunistic E2EE like iMessage, or to any E2EE protocol that isn't authenticated is better UX-wise.

link