Keybase.io

Cathal Garvey cathalgarvey at cathalgarvey.me
Wed Jun 25 04:37:26 PDT 2014 

Hey Pontifex,

>> The problem with Keybase is that the infrastructure they're based upon,
>> PGP/GPG, is probably not using modern key generation algorithms by
>> default for symmetric encryption of keys.
>
> What do you mean by that precisely?
> I don't think PGP/GPG/OpenPGP is meant to encrypt private keys on
> servers. In what way OpenPG or GnuPG would be linked with keybase.io
> private key encryption scheme or algorithms choice? I don't know
> everything about OpenPGP standard but I'm pretty sure it doesn't deal
> with such things.

Exactly, it doesn't. OpenPGP/GnuPG allows (strongly encourages!) you to
encrypt your private key, so that you can only perform private key
operations if you provide your passphrase.

*In theory*, a well-encrypted private key can be uploaded to the NSA's
own servers without hazard; this is the idea of "semantic security", I'm
told. So, uploading a well-encrypted private keypair to keybase *should*
be OK, with certain caveats.

Leaving aside that it's a bad idea anyway, because the fewer copies of
your private key there are under various passphrases the better, my main
concern is that OpenPGP never was designed for semantic security with
modern key-cracking in mind. So, decrypting private keys for use is
quite fast, whereas you really want decryption to take a second or more
so that brute-force cracking will take forever.

Really though, I'm wondering whether it makes no difference how good the
key schedule is because many people will continue to use terrible
passphrases for their keys, and keybase or their NSA friends could just
parallel-brute-force every key in the DB and compromise those keys
quickly, using them to spread falsified keys with good standing in the WoT.

>>  So, how many keys are
>> encrypted using key algos that are easily cracked? If they were using
>> hard keygen algos, then even bad-but-not-terrible passwords would be
>> not-entirely-trivial to crack. But keybase can't even enforce that,
>> because the PGP infrastructure is too legacy-laden.
>
> Again, what has PGP/GPG/OpenPGP to do with keybase.io good or bad
> choices (you don't seem to know anything about that either by the way
> :-) regarding encryption of secrets on their servers? I don't get it.

You're making assumptions about my level of knowledge on the subject,
here. I'm discussing the suitability of the key schedules used for
encrypted PGP private keys by available software, and whether these
schedules are suitable for use entrusting your key to a remote, US-based
webservice in a "zero knowledge" way. Especially as probably most
OpenPGP implementations won't sanitise stupid passphrases.

-- 
T: @onetruecathal, @IndieBBDNA
P: +353876363185
W: http://indiebiotech.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x988B9099.asc
Type: application/pgp-keys
Size: 6176 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/cypherpunks/attachments/20140625/b0d03a73/attachment-0002.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 901 bytes
Desc: OpenPGP digital signature
URL: <https://lists.cpunks.org/pipermail/cypherpunks/attachments/20140625/b0d03a73/attachment-0002.sig>

More information about the cypherpunks mailing list