(But, then again, how do we know they can be trusted?) ![]() I'd be more comfortable if there were some trusted people who can roll back mistakes and fraud after they've been discovered and proven. I'll probably try it out, but I think undo buttons are really important. The lesson of Bitcoin seems to be that cryptographically irreversible actions combined with valuable digital assets (whether coins or, say, celebrity accounts) have a tendency to attract scammers and hackers, so you better be certain that your client machines can't be broken into and that you're immune to social engineering. ![]() ![]() At what point does it become yet another social network that's degrading into a cesspool? And how do you get out of that state when everything is cryptographically locked down? Maybe this is overly cynical, but I wonder what happens if it really starts to take off (say, growing towards Twitter scale). This looks like the start of a viable social network with very strong security.Īt one point I would have thought that's great, but now I find it vaguely alarming. Whenever a user deletes a device, there's a rekey cascade - the user's PUK is rotated, and so are all teams the user is a member of. This is a change from previous designs, but the advantage is that when a user adds a new device, she'll get instant access to all teams, when the PUK's secret key is encrypted for the new device. These details are mainly hidden from users, except for bugs (as above, but we'll fix it soon). In turn, all team crypto operations happen for PUKs (and not device keys) so it's necessary to have a PUK before you can use teams. wilg's thread missed a window and would have rerun in 50 minutes, but he solved the problem by starting up a different device. New users get a PUK right away, and older users run a background thread to make one. It's a key whose secret key is encrypted for each of your devices, and whose public key is advertised publicly in your sigchain. In case anyone's curious, all Keybase users are now getting "per user keys" (PUKs). Why not just sign a unique identifier to the chat, then rename locally? Similar to the way Signal does it? Also, what happens if you recent your PGP key? However, the fact it needs to be a unique chat name is kind of a pain. The experienced users just use their own PGP keys and manage it.Īs for the new interface, it does look nice. The CLI is simply not going to catch on for the normal user. The current route keybase is continuing to take is a command line interface with multiple commands necessary. It needs to be no clicks to at max one click. On the other hand, most people I work with, my family, other friends, etc. but because we were security conscious we could power through. Facebook couldn't look into our messages, and everything was pretty easy. Facebook Messanger, Slack, G chat / hangouts, etc. The idea was to make it easier for my friends and I to send encrypted messages over any medium. I like the service keybase provides, but I don't think it has any chance of taking off with the general public.ġ8 months or so ago I wrote an app called An圜rypt, utilizing Keybase under the hood: It can be visually or verbally reviewed without effort. I guess in summary: why is a name better than a fingerprint? It can be memorized without effort. If a team name can be equivalent to one, but the cost is that the space is limited, it's worth it. From encrypted chats to SSH server fingerprints (ugg!) - people don't check them. Everything is easier.Īlso, I'm not that cynical by nature, but I've had a lot of conversations with people about security since we started Keybase. ![]() If it's digital over an alternative medium - then the sharer doesn't have to go look up their team's identifier in order to talk about it. If it's an in-person conversation it's validated entirely without looking anything up. With our testers, I've already had so many conversations about team names. Any time we played through the mental exercise of ambiguous names, it led us back to the deep pains of reading out loud security codes or fingerprints, or relying on some kind of hard-to-use web of trust around trusting people and then their vouching for teams. There are so many conveniences around a global team name.
0 Comments
Leave a Reply. |