There's a bit where he implies that if an encryption process doesn't take very long to execute on a smartphone, then it must be easy to crack the resulting file on a powerful server. Am I making a mistake here?
I don't agree with his point "SQRL:// is a bad idea" because custom scheme is only for launching the SQRL app nothing else and the data that is passed through URL will be a random value
5 comments
[ 5.8 ms ] story [ 38.3 ms ] threadScrypt can be held up as a very good choice for key stretching.
See https://www.grc.com/sqrl/sqrl.htm for an explanation, which differs drastically from everything that is described in the post.