The reputation of your product would be much better if you allowed your users to choose the ciphers they want to use. Not after Skipjack, Dual EC DRBG, Simon, Speck and dodgy NIST curves. I don't get enthused about NSA crypto at all. I like the design of Tarsnap, but I wonder why you bother using NIST and NSA crypto algorithms with it? "We use SHA256 3 times!" It just sounds like snake oil. This is why Tarsnap encrypts data with cryptographic keys which are generated on the client side, not computed from passphrases (although you can encrypt the key files using scrypt and a passphrase if you want), and never transmitted to the service - all the encryption and decryption happens on the client side with publicly-auditable code. Having two passphrases, one for authentication and one for decryption, removes the second requirement, so that your data is safe as long as your passphrase is strong enough and you never ask to retrieve it. Then if your passphrase is strong enough AND they (or the NSA) didn't keep a copy of it when you created your account AND you never ask to retrieve your data, then you're safe. One possible approach would be to have two KDFs store KDF_1(passphrase) in their authentication database, and use KDF_2(passphrase) to encrypt/decrypt your data.
#PASSWORDSAFE CLOUD LOGIN HOW TO#
/r/capabilities - A type of security modelįeel free to message the moderators with suggestions for how to improve this subreddit, as well as for requesting adding links in the sidebar./r/bitcoin, /r/cryptocurrency - crypto applied to money./r/NSAleaks - Snowden documents and more./r/primitiveplayground - test your homebrew ciphers here.
/r/codes & /r/breakmycode - For cracking basic codes./r/compsci & /r/ComputerScience - Development and application of algorithms./r/security - General security subreddit.Other subreddits that may be of interest: Libera Chat's IRC:s #crypto - ( IRC protocol URL).Our monthly cryptography wishlist threads!.Threads on starting in crypto one & two.Remember that this sub is focused on the algorithms, and isn't political. See the list of related subs below for alternatives. Maybe try /r/cryptocurrency? Political news also very rarely belong here. Systems that use crypto are not necessarily relevant here, e.g.You may ask for help to understand it, but you should disclose the source. Don't use this sub to cheat on competitions or challenges! You're expected to solve such problems yourself.Familiarize yourself with the following before posting a question about a novel cryptosystem, or else the risk is nobody will take their time to answer:."Crack this cipher" challenges also belong in /r/codes unless they're based on interesting crypto implementation bugs, e.g.Do not ask people to break your cryptosystem without first sharing the algorithm.
#PASSWORDSAFE CLOUD LOGIN CODE#
(Rule of thumb: If a desktop computer can break a code in less than an hour, it's not strong crypto.) You're probably looking for /r/codes.
#PASSWORDSAFE CLOUD LOGIN MOD#
Send us a reason for why you want to join via mod mail, click here and tell us why you want to discuss cryptography Want to join?īecause this subreddit currently is in restricted mode, you will NOT be able to post or comment before your account has been approved. Please note that this subreddit is technical, not political! The focus is on the algorithms and the security of the implementations. This subreddit is intended for links and discussions surrounding the theory and practice of modern and strong cryptography. Cryptography lives at an intersection of math and computer science. is the art of creating mathematical / information theoretic assurances for who can do what with data, including but not limited to the classical example of encrypting messages so that only the key-holder can read it.
0 kommentar(er)
