Skip to content


Subversion checkout URL

You can clone with
Download ZIP


Email as salt! #52

wants to merge 3 commits into from

3 participants


See discussion at #45

@kaepora kaepora closed this
@kaepora kaepora deleted the salt branch

Only for understanding: The e-mail is like an additional password not like a salt, right?
So the used e-mail address is not ascertainable unless you know the correct passphrase + e-mail address?


@ovalseven8 I don't understand your question.


@kaepora I think he meant "So the user miniLock ID is not..."


Sorry for the unclear question.
What I mean: A salt is public normally and if I have understood, the origin suggestion was to create a random salt which is contained in the miniLockID (see #45).
The variant that you have implemented don't show the "salt", right? So it is like two passphrases combined to one.


@ovalseven8 The salt (email) you choose will be impossible for anyone else to obtain, so in that sense, it kind of is like a passphrase.


Still think that the e-mail address variant don't fit.
What if the user writes and next time Both are e-mail addresses and correct ones - but the »salt« is different. So a function is needed that converts all small letters to capital letters or conversely. (Sorry, if already implemented).

Note: If a rainbow table attack from a powerful organisation is successful (I know it's hard but we should be prepared for everything) they can also know your e-mail address from now on. So the anonymity is also damaged. And, as I said, it could be very confusing to many people if they have to use their e-mail address to use miniLock.


In this 'email as salt' situation, is it advise for people to use their real email adresse(s) or is it better to use a "created" on-purpose mail adress for miniLock ?

Sorry if my question is so low-level but I'm not sure the users will understand this nuance without explaining it on the UI. :)

@kaepora kaepora added this to the 0.0.1 milestone
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Commits on Jul 23, 2014
  1. Replace scrypt library

  2. Update

Commits on Jul 25, 2014
  1. Email as salt!

    See discussion at #45
Something went wrong with that request. Please try again.