[cryptography] Javascript Password Hashing: Scrypt with WebCrypto API?

stef s at ctrlc.hu
Sun Mar 15 07:45:02 EDT 2015

On Wed, Mar 11, 2015 at 01:02:14PM +0100, Fabio Pietrosanti (naif) - lists wrote:
> On 3/11/15 12:42 PM, stef wrote:
> > against state level actors. i mean globaleaks clearly has state-level actors
> > in their threat-model, right?
> No, GlobaLeaks doesn't consider in it's threat model an NSA-like actor.

observe, how the question regarding "state-level" actors is dodged by reducing
the set to "nsa-like" (what does that even mean?)

and knowing the dutch, the hungarian and the serbian globaleaks users
personally, i can assure you they are operating outside your threat-model, and
i'm not sure they are aware of it.

> Check the Threat Model link on https://globaleaks.org in the footer to
> get a better insight.

i now understand why you did not link this directly:

seriously on google? your threatmodel seems indeed quite limited.

you should be much more open about your limits.

your actions and words to not instill trust in your product.

otr fp: https://www.ctrlc.hu/~stef/otr.txt

More information about the cryptography mailing list