Exactly. It's a password limited to 4 digits. And why? That gives you no more than 14-bit security even using a decent system like PBKDF2, which I see no mention of.
Secrets are just that - secret.
The only reason I know of that secrets need sharing is when you are running a key escrow system. Other than that, secrets are locked away and used as rarely as possible. Never ever ever transmitted from machine to machine. That's the key problem in crypto (pun intended). Stuff you transmit can't and won't stay secret.
Having read a little further, I think offline attacks are possible and 4 digits alone are useless today, but that still does not weaken the security level. You need a key, whether you choose to use a password or not.
Correct me if I'm wrong but I don't see secret keys transmitted. The DTAs issue shares of the secret keys that are then combined. Also, transmitting secrets really is a motivating use case for cryptography.
They are creating a secret key by sending chunks of secret keys (with a mention of a blockchain database - not sure why). Or at least that's what I saw in the code comments.
Secret in cryptography has a very special meaning - it refers to the part of the communication process you don't want visible.
Encryption is actually mostly a solved problem. There are several good algorithms which are fine with no real problems.
The problems are all in establishing keys. For that there are currently only two choices in use: ECDH, for which all the standard curves appear to be backdoored, and RSA, which the Russians reckon they have broken.
The DTA is just another key sharing scheme. Needed, but not one that gives up on all the COMSEC we have gained so far.
Do you not find it dishonest that they claim, for example, that the UK government is using it already, but then it turns out it doesn't actually exist beyond a few lines of PoC code?
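Threshold secret sharing of the kind these two comments describe (shares issued separately and combined later), as an added example that is not the DTA project's code; it assumes a Shamir-style scheme over a prime field, which the thread does not confirm, and shows why a single share in transit reveals nothing by itself.

```python
import secrets

# Prime field for the shares; 2**127 - 1 is a constructed choice that fits a 126-bit key.
PRIME = 2**127 - 1

def _eval_poly(coeffs, x):
    # Horner evaluation of sum(coeffs[i] * x**i) modulo PRIME.
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc

def split_secret(secret, threshold, n_shares):
    """Issue n_shares points on a random degree (threshold - 1) polynomial
    whose constant term is the secret. Fewer than `threshold` shares are
    consistent with every possible secret, so one share alone is useless."""
    if not 0 <= secret < PRIME:
        raise ValueError("secret must be a field element")
    if not 1 < threshold <= n_shares:
        raise ValueError("need 1 < threshold <= n_shares")
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    # Share indices start at 1; x = 0 would hand out the secret itself.
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n_shares + 1)]

def combine_shares(shares):
    """Recover the constant term by Lagrange interpolation at x = 0.
    Duplicate indices make the interpolation undefined, so reject them."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    secret = 0
    for xi, yi in shares:
        num, den = 1, 1
        for xj in xs:
            if xj != xi:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        # Field division is multiplication by the modular inverse (Fermat).
        secret = (secret + yi * num * pow(den, PRIME - 2, PRIME)) % PRIME
    return secret

def demo():
    key = secrets.randbits(126)        # constructed 126-bit key for the demo
    shares = split_secret(key, 3, 5)   # 3-of-5 threshold
    return combine_shares(shares[1:4]) == key and combine_shares(shares[:2]) != key
```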
Nice.
I've found OpenPGP to be fit for purpose; there's even a JS version for apps now:
https://openpgpjs.org/
But you still run into US import/export control problems with decent encryption. IMHO we can never have a standard as long as the US is involved in creating the standard, while obviously nothing stands a chance of becoming a standard without the US being involved.
That's the reason Curve25519 (defined by djb, completely independent of any NIST involvement) has become popular and is being widely used as the default in major ECDH implementations (https://en.wikipedia.org/wiki/Curve25519). As close to a "standard" as you'd find today that nobody believes to have known weaknesses or backdoors.
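The ECDH step this comment refers to, as an added example that is not OpenPGP.js's or any other library's code: a compact X25519 (RFC 7748) in pure Python, showing how two parties each combine their own private scalar with the other's public key and arrive at the same shared secret.

```python
# Pure-Python X25519 (RFC 7748) for illustration only: the arithmetic is NOT
# constant-time, so it shows the key agreement, not how a production library works.
P = 2**255 - 19
A24 = 121665                       # (486662 - 2) / 4, the Montgomery ladder constant
BASEPOINT = (9).to_bytes(32, "little")

def _clamp(k: bytes) -> int:
    # Scalar decoding: clear the 3 low bits and the top bit, set bit 254.
    b = bytearray(k)
    b[0] &= 248
    b[31] &= 127
    b[31] |= 64
    return int.from_bytes(b, "little")

def x25519(scalar: bytes, u: bytes) -> bytes:
    k = _clamp(scalar)
    b = bytearray(u)
    b[31] &= 127                   # the top bit of the u-coordinate is ignored
    x1 = int.from_bytes(b, "little") % P
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):   # Montgomery ladder over the 255 scalar bits
        kt = (k >> t) & 1
        swap ^= kt
        if swap:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        A_, B_ = (x2 + z2) % P, (x2 - z2) % P
        AA, BB = A_ * A_ % P, B_ * B_ % P
        E = (AA - BB) % P
        C, D = (x3 + z3) % P, (x3 - z3) % P
        DA, CB = D * A_ % P, C * B_ % P
        x3, z3 = (DA + CB) ** 2 % P, x1 * (DA - CB) ** 2 % P
        x2, z2 = AA * BB % P, E * (AA + A24 * E) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def public_key(private_key: bytes) -> bytes:
    return x25519(private_key, BASEPOINT)

def shared_secret(my_private: bytes, their_public: bytes) -> bytes:
    s = x25519(my_private, their_public)
    if s == bytes(32):             # all-zero output means the peer sent a low-order point
        raise ValueError("invalid peer public key")
    return s
```

The RFC 7748 section 6.1 Alice/Bob vectors reproduce with this code; feed the raw shared secret through a KDF rather than using it directly as a key.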
I'm mobile and traveling. Tried to find my links to research but they're not in my mobile bookmarks. There is a great page somewhere that lists each curve --- edit: you found it:
For reference, Google (PDFs so I can't get links from Google mobile):
security dangers of NIST curves
And also the reasoning behind the curve chosen for Bitcoin.
So edit 2: just, yes. But note the SafeCurves quote: "The core problem is that if you implement the standard curves, chances are you're doing it wrong."
Please stop spreading FUD. The quote from safecurves you posted is actually describing the very reason safecurves exists in the first place. And it lists the curves that are safe to use.
"Most of these attacks would have been ruled out by better choices of curves that allow simple implementations to be secure implementations. This is the primary motivation for SafeCurves. The SafeCurves criteria are designed to ensure ECC security, not just ECDLP security."
Also you completely ignored the main part of my earlier comment: the actually widely adopted Curve25519 by djb (who's also the author of that SafeCurves page), with no currently known weaknesses (and needless to say, no backdoors either).
Confused... SafeCurves exists because all the standard curves appear to be backdoored. Curve25519 is not a standard curve. How is this FUD?
Curve25519 was first released by Daniel J. Bernstein in 2005, but interest increased considerably after 2013 when it was discovered that the NSA had implemented a backdoor into Dual EC DRBG. While not directly related, suspicious aspects of the NIST's P curve constants led to concerns that the NSA had chosen values that gave them an advantage in factoring public keys.
"SafeCurves exists because all the standard curves appear to be backdoored. Curve25519 is not a standard curve."
This was your original stanza that I objected to:
"The problems are all in establishing keys. For that there are currently only two choices in use: ECDH, for which all the standard curves appear to be backdoored, and RSA, which the Russians reckon they have broken."
You were insinuating that basically there's no safe way to establish secrets (using some form of ECDH). While there absolutely is. Here's the list of open source packages using (safe) Curve25519:
-> You were insinuating that basically there's no safe way to establish secrets (using some form of ECDH). While there absolutely is.
I'm complaining there is no STANDARD & SECURE way to establish secrets (unlike, say, AES or Rabbit). That's not quite the same thing. Nearly everything has been designed to fail from the very beginning. Or are you saying you still trust "the experts" after everything that's happened?
Curve25519 does not meet the ECRYPT recommendations of a minimum key length of 512 bits for elliptic curves:
https://www.keylength.com/en/3/
Curve25519 at 128 bits provides: Very short-term protection against small organizations
Should not be used for confidentiality in new systems
-> OpenSSL since version 1.1.0
Probably the very worst example of an implementation you could give. OpenSSL version 1.1.0... Really????
Not true - the public blockchain means that cracking the encryption is only a very small part of such a problem. You also need to convince all the other peers that you cracked it first.
Because Bitcoin IS cracking encryption - bitcoins are assigned by doing exactly that.
In Bitcoin, a private key is usually a 256-bit number (giving a key length of at least 512 bits)
On the other hand, I'm sure all the MtGox customers will be happy with your assertion that their $450 million of missing/stolen funds, allegedly stolen straight out of the MtGox hot wallet over time beginning in late 2011, are actually still safe. Not sure they'll agree, however.