[liberationtech] PGP is hard to use and needs stuff installed on your computer. Use PassLok instead.
Michael Rogers
michael at briarproject.org
Sat Jul 27 14:05:54 PDT 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 26/07/13 21:42, Francisco Ruiz wrote:
> PassLok performs public-key cryptography using the Diffie-Hellman
> key exchange rather than RSA, so you can use whatever secret key
> you want. Hopefully something that is both very hard to guess and
> easy to remember, so you never have to write it down. PassLok will
> help you to come up with a strong key, but won't force you in any
> way.
Hi Francisco,
It looks like you're generating a Diffie-Hellman key pair from a
passphrase using PBKDF2 with no salt and a single iteration. That's a
bad idea - the resulting key pair will be susceptible to a dictionary
attack by anyone who knows the public key, or a message encrypted with
the public key, or a message signed with the private key. Worse,
because you don't use salt, the dictionary attack can be carried out
in advance by building a rainbow table.
Cheers,
Michael
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iQEcBAEBAgAGBQJR9DYyAAoJEBEET9GfxSfMNzsH/jU6WrzE7Y9jeLTtMBTahhJX
KpzdmHSYp3D457YxLj2WVP4hj0fqf2ygaers3N9O2QRNU69tkv/eZZdbezCGcdWr
FQ/Dg/hp7nMEKZTJEmkzKfxQUQkB7WRWxJsk9Bl15UehctsEPNkEcLT0SA75I8Q+
cWoEyfOF4/+jY+JgAoWi/rsU/G1Frlg/dwqS0MNvGTDLTvAeOPjJqlx+RWTG00kA
5SpoYYJJobxyR9b1GkbvapwaOSviuNGVYG8vNi5mNv/C55OGCWGIBm+L/RItf6Yl
8XNaSY9XJaVC1k6+q1QQTFlav8SzTBfzFLUoFcX+fOWd3gPgPtAjwfLv1moOuDc=
=DJzx
-----END PGP SIGNATURE-----
More information about the liberationtech
mailing list