cjvanlissa / worcs

Rstudio project template and convenience functions for the Workflow for Open Reproducible Code in Science (WORCS)
https://cjvanlissa.github.io/worcs/
GNU General Public License v3.0

FR: encrypt data as alternative to synthesize #97

Open aaronpeikert opened 3 years ago

aaronpeikert commented 3 years ago

I think it would be great if one could employ encryption as a means to avoid separation of data and code. Using cyphr with a shared secret could be an idea. Maybe this is superior to #95.

cjvanlissa commented 3 years ago

I love this!! How confident can we be that the data cannot be decrypted by brute force, even by those with access to powerful machines?

cjvanlissa commented 3 years ago

If we implement this, I think it would be smart to have the function ask for the key in a dialog, instead of allowing researchers to provide it as an argument, because I foresee that users will push a script with the key still in there.

aaronpeikert commented 3 years ago

I think the first security issue that you raise, that someone with a lot of computing power brute-forces the encryption, is much more unlikely than the second, that someone leaks it accidentally. If we use the selenium encryption from cyphr, [curve25519](https://cr.yp.to/ecdh/curve25519-20060209.pdf) is employed. Its author claims it to have superior encryption to other 128-bit encryption algos. But even if not, StackOverflow suggests it would take 68⋅10^18 seconds (a few thousand times the age of the universe).

But I really worry about accidentally leaking the key or accidentally committing the data to git unencrypted, etc.
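
One way to combine the two precautions raised in this thread (key entered in a dialog rather than passed as an argument, and plaintext data never committed), as an added example that is not code from worcs or from either commenter. The function names, the file names, and the choice of scrypt to turn a passphrase into a key are assumptions made for illustration.

```r
# Added illustration, not part of worcs; all function and file names are hypothetical.
library(cyphr)   # encrypt() / decrypt() wrappers and key_sodium()
library(sodium)  # scrypt() and random()

# Ask for the shared passphrase in a dialog. There is deliberately no
# argument for it, so it cannot end up in a script that gets pushed.
prompt_key <- function(salt) {
  if (!interactive()) stop("Key entry requires an interactive session.")
  pw <- askpass::askpass("Passphrase for the encrypted data: ")
  if (is.null(pw) || !nzchar(pw)) stop("No passphrase entered.")
  # Assumption: stretch the passphrase into a 32-byte key with scrypt.
  cyphr::key_sodium(sodium::scrypt(charToRaw(pw), salt = salt, size = 32))
}

# Refuse to continue unless git ignores the plaintext file.
# `git check-ignore -q` exits with 0 only when the path is ignored.
assert_ignored <- function(plain_file) {
  status <- system2("git", c("check-ignore", "-q", shQuote(plain_file)))
  if (status != 0) {
    stop("Add '", plain_file, "' to .gitignore before encrypting.")
  }
  invisible(TRUE)
}

# Write an encrypted copy that can be committed alongside the code.
save_encrypted <- function(data, plain_file = "data.rds",
                           enc_file = "data.rds.enc",
                           salt_file = "data.salt") {
  assert_ignored(plain_file)
  salt <- sodium::random(32)   # the salt is not secret and is committed too
  writeBin(salt, salt_file)
  key <- prompt_key(salt)
  cyphr::encrypt(saveRDS(data, enc_file), key)
  invisible(enc_file)
}

# Read the encrypted copy back; a wrong passphrase makes decrypt() fail.
load_encrypted <- function(enc_file = "data.rds.enc",
                           salt_file = "data.salt") {
  salt <- readBin(salt_file, what = "raw", n = 32)
  key <- prompt_key(salt)
  cyphr::decrypt(readRDS(enc_file), key)
}
```

With a passphrase-derived key, the brute-force estimate quoted above applies only if the passphrase itself is hard to guess; a randomly generated 32-byte key shared out of band avoids that dependence.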