Email as salt! #52

Closed
wants to merge 3 commits into from

3 participants

@kaepora
Owner

See discussion at #45

@kaepora kaepora closed this
@kaepora kaepora deleted the salt branch
@ovalseven8

Only for understanding: The e-mail is like an additional password not like a salt, right?
So the used e-mail address is not ascertainable unless you know the correct passphrase + e-mail address?

@kaepora
Owner

@ovalseven8 I don't understand your question.

@ghost

@kaepora I think he meant "So the user miniLock ID is not..."

@ovalseven8

Sorry for the unclear question.
What I mean: A salt is public normally and if I have understood, the original suggestion was to create a random salt which is contained in the miniLockID (see #45).
The variant that you have implemented doesn't show the "salt", right? So it is like two passphrases combined into one.

@kaepora
Owner

@ovalseven8 The salt (email) you choose will be impossible for anyone else to obtain, so in that sense, it kind of is like a passphrase.

@ovalseven8

Still think that the e-mail address variant doesn't fit.
What if the user writes firstnamesurname@mail.com and next time FirstnameSurname@mail.com? Both are e-mail addresses and correct ones - but the »salt« is different. So a function is needed that converts all small letters to capital letters or conversely. (Sorry, if already implemented).

Note: If a rainbow table attack from a powerful organisation is successful (I know it's hard but we should be prepared for everything) they can also know your e-mail address from now on. So the anonymity is also damaged. And, as I said, it could be very confusing to many people if they have to use their e-mail address to use miniLock.

@Leodagan

In this 'email as salt' situation, is it advised for people to use their real email address(es), or is it better to use a "created" on-purpose mail address for miniLock?

Sorry if my question is so low-level but I'm not sure the users will understand this nuance without explaining it on the UI. :)

@kaepora kaepora added this to the 0.0.1 milestone
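
The casing concern raised in the thread, as an added example (not part of the original discussion and not miniLock's code): when an email address is the scrypt salt, two spellings of the same address derive different keys unless the address is normalized before use. The cost parameters and the helpers `normalizeEmail` and `deriveKey` are assumptions made for illustration.

```javascript
// Added example: not miniLock's code. Cost parameters and the
// normalization policy are assumptions chosen for illustration.
const crypto = require('crypto');

// Constructed scrypt cost parameters (kept small so the demo runs quickly).
const SCRYPT_PARAMS = { N: 2 ** 14, r: 8, p: 1 };

// Hypothetical normalization policy: trim whitespace, apply Unicode NFKC,
// lowercase the whole address. The address is only KDF input here, so the
// policy does not need to match how a mail server treats the local part.
function normalizeEmail(email) {
  return email.trim().normalize('NFKC').toLowerCase();
}

// Derive a 32-byte secret (hex) from a passphrase with the email as salt.
function deriveKey(passphrase, email, normalize = true) {
  const salt = Buffer.from(normalize ? normalizeEmail(email) : email, 'utf8');
  const pw = Buffer.from(passphrase.normalize('NFKC'), 'utf8');
  return crypto.scryptSync(pw, salt, 32, SCRYPT_PARAMS).toString('hex');
}

// Constructed inputs; the two spellings are the ones quoted in the thread.
const passphrase = 'constructed example passphrase for this demo';
const a = 'firstnamesurname@mail.com';
const b = 'FirstnameSurname@mail.com';

function demo() {
  return {
    // Raw salt: the same mailbox typed with different casing gives another key.
    rawMatch: deriveKey(passphrase, a, false) === deriveKey(passphrase, b, false),
    // Normalized salt: both spellings converge on one key.
    normalizedMatch: deriveKey(passphrase, a) === deriveKey(passphrase, b),
    // A different address still yields an unrelated key.
    otherEmailMatch:
      deriveKey(passphrase, a) === deriveKey(passphrase, 'someoneelse@mail.com'),
  };
}

console.log(demo());
```

Whatever normalization is chosen has to stay fixed once keys exist, since changing it changes the derived key for every user whose input it affects.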
Commits on Jul 23, 2014
  1. Replace scrypt library

    authored
  2. Update RESOURCES.md

    authored
Commits on Jul 25, 2014
  1. Email as salt!

    authored
    See discussion at #45