-
Notifications
You must be signed in to change notification settings - Fork 91
This issue was moved to a discussion.
You can continue the conversation there. Go to discussion →
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Security implications of not having a passphrase? #385
Comments
Backup protected by a passphrase that the user doesn't regularly use is a great way to make sure they can't restore from it when they have to. Passphrase is most useful for export/backup protection.
I guess it depends on the user. I always use LUKS full-disk encryption on all my drives, so the encrypt-at-rest of the ID is needless for me personally, I guess. And all in all it's not all that interesting attack. I guess the biggest thread is some systemic attack, where a popular vulnerability is used to collected many unprotected IDs and then to introduce malicious dependency and hide it with fake reviews, etc. I guess one way to approach this is to create some temporary weak-ID, without a passphrase, mark it somehow as such and allow user to locally add trust proofs, and maybe even reviews, but definitely not publish anything. When the user is ready, |
BTW. We could have a passphrase agent to help with having to enter the passphrase too often. It would listen on some local socket, and if not started |
Currently the logic is this:
|
On macOS I could use Keychain to either store the passphrase, or store the whole CrevID. |
Yeah. On linuxes there are also some kind of keyrings (gnome, kde, possibly others). |
This issue was moved to a discussion.
You can continue the conversation there. Go to discussion →
For #384 it would be super convenient to create an implicit empty CrevID for new users, without a passphrse. What are the risks?
It wouldn't suggest backing up CrevID without a passphrase, and could require adding a passphrase at some point, e.g. before publishing anything. But how much are we worried about identity at rest on local disk?
The text was updated successfully, but these errors were encountered: