[Cryptography] miniLock seems pretty interesting
Eric Mill
eric at konklone.com
Tue Jul 22 00:28:53 EDT 2014
On Mon, Jul 21, 2014 at 2:11 PM, Phillip Hallam-Baker <phill at hallambaker.com
> wrote:
> 32bits or 32 bytes?
>
> I am pretty sure he said 32 bits in the presentation which had me
> really interested!
>
> But the specs say 32 bytes. And as a general matter, I can't see how a
> key of less than 128 bits can possibly be secure. I can brute force a
> 64 bit space.
>
Sorry, 32-byte. Here's the original paper for the curve in question,
curve25519:
http://cr.yp.to/ecdh/curve25519-20060209.pdf
In general, the curve work seems legit -- Adam Langley has an active
implementation <https://github.com/agl/curve25519-donna>, the curve is
used inside
TextSecure
<https://github.com/WhisperSystems/TextSecure/search?q=curve25519&ref=cmdform>,
and, trusting Wikipedia for the moment, a lot of other good projects
<https://en.wikipedia.org/wiki/Curve25519#Notable_uses>.
I know there's a lot of skepticism of Cryptocat in the security community,
and I'm not in a good position to evaluate the merits. I have gotten the
sense that Cryptocat has responded constructively over time and improved
their level of security.
Either way, I think minilock deserves to be evaluated on its own merits,
not just as something "from the cryptocat guy".
>
>
>
> On Mon, Jul 21, 2014 at 9:48 AM, Eric Mill <eric at konklone.com> wrote:
> > I saw this announced at HOPE X this weekend:
> >
> > http://minilock.io/
> >
> > It uses curve25519, which requires much smaller keys (32 or 64 bits) to
> > ensure security -- and so it basically just demands a strong passphrase
> from
> > the user from which can be derived a strong private key.
> >
> > The developer has a video and slides to go along with it, and in general
> > focused his energy on persuading the audience that JavaScript crypto is a
> > necessary and achievable part of the future.
> >
> > -- Eric
> >
> > --
> > konklone.com | @konklone
> >
> > _______________________________________________
> > The cryptography mailing list
> > cryptography at metzdowd.com
> > http://www.metzdowd.com/mailman/listinfo/cryptography
>
--
konklone.com | @konklone <https://twitter.com/konklone>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20140722/29e8a383/attachment.html>
More information about the cryptography
mailing list