[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Keybase.io



Wait, do you *have* to keep your private keys in keybase? I thought it
was mostly pubkey operations?

I'm much more skeptical if they keep private keys, that's dark stuff.
Imagine how many private keys are protected with terrible passwords, and
what damage you could do to the WOT if you could just quietly crack
enough keys in the WOT and use them to sign a fraudulent cert?

On 24/06/14 12:22, MrBiTs wrote:
>> I've been very impressed with how Keybase has evolved, and how well they explain their model to users. It is without a doubt
>> what I'd recommend to a semi- or un-technical user to get them started.
> 
>> They have a walkthrough of their approach to security and threat models here: https://keybase.io/docs/server_security
> 
>> And they explain "tracking" in detail here: https://keybase.io/docs/tracking
> 
> More than only create a great documentation, the wrapper they wrote in NodeJS abstracts GnuPG commands making easy to any
> un-technical person to use cryptography constantly. Of course a little bit of paranoya is always good, and I don't agree with the
> idea to host my private keys in a server I don't control, even cyphered with a password, but I think it can solve the problem that
> users forget or loose your keys and our keychain remains with unuseable, no revogated keys.
> 
> CheerS
> 
> 

-- 
T: @onetruecathal, @IndieBBDNA
P: +353876363185
W: http://indiebiotech.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x988B9099.asc
Type: application/pgp-keys
Size: 6176 bytes
Desc: not available
URL: <http://cpunks.org/pipermail/cypherpunks/attachments/20140624/e2f125e3/attachment.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 901 bytes
Desc: OpenPGP digital signature
URL: <http://cpunks.org/pipermail/cypherpunks/attachments/20140624/e2f125e3/attachment.sig>