jackwherry / cryptux

Dead-simple E2E secret-key group chat (but don’t trust this for anything important)
MIT License

Weak password can cause confidentiality loss #1

Open jackwherry opened 5 years ago

jackwherry commented 5 years ago

Using password for authentication and public key crypto for messages is significantly more secure.

jackwherry commented 5 years ago

Solution: use a good password.

sylvain101010 commented 5 years ago

Alternatively you can use a Key Derivation Function like PBKDF2 or Scrypt.

This will derive a 'strong' password from the weak password, with the required length in bits.

jackwherry commented 5 years ago

My use of Argon2id in this context should fulfill the same requirements, yes? I think the other person’s concern related to the ease of brute-forcing because the password is used for more than just authentication. Of course, I’m no expert at all, so I’m game for any and all suggestions.

You can see how it works here: https://github.com/jack-the-coder/cryptux/blob/7bf9cca03ad06633819900b5fbb9f06733866372/client/client.go#L29
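The two points raised in this thread (stretching a weak shared password with a memory-hard KDF, and not using the same secret for both server authentication and message encryption) in one added example. This is not cryptux's code; it uses scrypt from the Python standard library in the role Argon2id plays in the client, and the subkey labels and salt handling are assumptions.

```python
import hashlib
import hmac
import os

# Added example, not cryptux's own code. Assumed design: the shared chat
# password is stretched with scrypt (memory-hard, like Argon2id), then the
# result is split into independent subkeys so that the value presented to
# the server for authentication is not the message key.

SCRYPT_N = 2 ** 14  # cost parameter: every doubling also doubles attacker cost
SCRYPT_R = 8
SCRYPT_P = 1


def stretch_password(password: str, salt: bytes) -> bytes:
    """Derive a 32-byte master key from the (possibly weak) password.

    The salt is public and shared by the whole group; it stops one precomputed
    table from covering every group at once. It adds no entropy: a password
    drawn from a small dictionary stays guessable, only slower per guess.
    """
    if len(salt) < 16:
        raise ValueError("salt should be at least 16 random bytes")
    return hashlib.scrypt(password.encode("utf-8"), salt=salt,
                          n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)


def expand_subkey(master: bytes, label: bytes) -> bytes:
    """HMAC-based expansion: distinct labels yield independent 32-byte keys."""
    return hmac.new(master, label, hashlib.sha256).digest()


def derive_chat_keys(password: str, salt: bytes) -> dict:
    master = stretch_password(password, salt)
    return {
        # sent to the server to prove group membership; leaking it reveals
        # nothing about the message key (labels are assumed names)
        "auth": expand_subkey(master, b"cryptux-auth-v1"),
        # never leaves the client; used only for message encryption
        "message": expand_subkey(master, b"cryptux-message-v1"),
    }


if __name__ == "__main__":
    salt = os.urandom(16)  # constructed here; a real group would share one salt
    keys = derive_chat_keys("correct horse battery staple", salt)
    print("auth key   :", keys["auth"].hex())
    print("message key:", keys["message"].hex())
```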