5 comments

[ 5.8 ms ] story [ 38.3 ms ] thread
I hope these concerns were contributed to GRC's newsgroups.
There's a bit where he implies that if an encryption process doesn't take very long to execute on a smartphone, then it must be easy to crack the resulting file on a powerful server. Am I making a mistake here?
Yes, its confused.

Scrypt can be held up as a very good choice for key stretching.

I don't agree with his point "SQRL:// is a bad idea" because custom scheme is only for launching the SQRL app nothing else and the data that is passed through URL will be a random value
I think that basically all concerns that are raised are invalid, because the person who posted them doesn't understand how SQRL works.

See https://www.grc.com/sqrl/sqrl.htm for an explanation, which differs drastically from everything that is described in the post.