[cryptography] Introducing SC4 -- feedback appreciated
ron at flownet.com
Fri Apr 17 14:56:48 EDT 2015
On Apr 17, 2015, at 11:27 AM, Dominik Schuermann <dominik at dominikschuermann.de> wrote:
> what problem of traditional PGP implementations did you solve?
The fact that to use PGP you have to install an application. (This is true for Peerio as well.) That turns out to be too much friction for most people. Whenever you have to install an application you have to decide whether or not you trust the application, and most people have no basis for making that assessment. That leads to potential disasters like NQ Mobile Vault . There are a couple of other advantages too  but that’s the main one.
> * Looks like key exchange problem is still present (sent by mail)
At the moment that’s true. I’m planning to build a key server, but I wanted to make sure I had the crypto working first.
> * Any key authentication? I don't see any verification or
> certification model.
Not yet. The key server will do automatic email verification, but key authentication in general is a very hard problem that I’m not really addressing. The goal here is to make something with very low friction to encourage non-technical people to use it and get them accustomed to having and using a key.
 A secondary advantage (I claim) for SC4 over PGP is that PGP uses RSA keys by default, which are big and cumbersome, and difficult to generate securely because you need a trustworthy prime number generator. ECC keys are much easier to generate from any source of entropy because you don’t need to generate primes.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 455 bytes
Desc: Message signed with OpenPGP using GPGMail
More information about the cryptography