[sillysaurus3]

Please don't use language like "People will get fucked" when critiquing a cryptosystem. HN is better than that.

Tarsnap has no restrictions on passphrase entropy whatsoever, yet people have no problem with Tarsnap. It's interesting that people are singling out Minilock for this feature. Is this the worst thing that can be said about Minilock?

EDIT: I accidentally said Tarsnap; I meant Scrypt.

[lolbrainwallets]

Tarsnap does not allow anyone who has your public key to attempt to crack your paraphrase. Minilock does, and in fact you can load all public keys into a bloom filter and crack them simultaniously with nearly the same speed as a single key. The design of this system is simply irresponsible. Saying people will be fucked is entirely appropriate here.

[sillysaurus3]

Hmm, I meant Scrypt. You can use Scrypt to encrypt files using a passphrase with no entropy restrictions. It doesn't use keys. People never raised this concern about Scrypt, and certainly didn't say people would get fucked for using it. What am I missing here? Why does Minilock warrant this outrage, but not Scrypt?

https://www.tarsnap.com/scrypt.html

[lolbrainwallets]

That tool generates a random salt, so passphrase cracking time is O(n) where n is the number of files being cracked vs O(1) for Minilock public keys. Additionally, encrypted files are generally still not "public", whereas Minilock public keys likely would be.

[andor]

Assuming that all files are encrypted with the same passphrase, and you crack the passphrase, not the key generated from kdf(salt, passphrase), complexity is O(1) for Minilock as well.

[tveita]

Tarsnap generates a key file - your password is not used directly to derive the key. A password is used for your account, and for encrypting the key file.