[cryptography] Javascript Password Hashing: Scrypt with WebCrypto API?

stef s at ctrlc.hu
Sun Mar 15 07:45:02 EDT 2015


On Wed, Mar 11, 2015 at 01:02:14PM +0100, Fabio Pietrosanti (naif) - lists wrote:
> On 3/11/15 12:42 PM, stef wrote:
> > against state level actors. i mean globaleaks clearly has state-level actors
> > in their threat-model, right?
> No, GlobaLeaks doesn't consider in it's threat model an NSA-like actor.

observe, how the question regarding "state-level" actors is dodged by reducing
the set to "nsa-like" (what does that even mean?)

and knowing the dutch, the hungarian and the serbian globaleaks users
personally, i can assure you they are operating outside your threat-model, and
i'm not sure they are aware of it.

> Check the Threat Model link on https://globaleaks.org in the footer to
> get a better insight.

i now understand why you did not link this directly:
https://docs.google.com/document/d/1niYFyEar1FUmStC03OidYAIfVJf18ErUFwSWCmWBhcA/pub

seriously on google? your threatmodel seems indeed quite limited.

you should be much more open about your limits.

your actions and words to not instill trust in your product.

-- 
otr fp: https://www.ctrlc.hu/~stef/otr.txt


More information about the cryptography mailing list