4 comments

[ 2.2 ms ] story [ 17.7 ms ] thread
It's a really neat idea, though I'm not a big fan of having it as a browser extension.

Two observations:

1. Password strength is really, really important now, since it is deterministically transformed into your key pair. It's not like the passphrase for a GnuPG key where you'd have to steal the private key in the first place, in order to do something evil with the recovered weak passphrase.

2. There's another big caveat re: password. In most systems that we know it doesn't matter if you have a non-unique password, as long as it's not guessable. In this scheme your identity will be merged with everyone else who has thought of the same password.

A public-private key that is derived the same way from a passphrase is not public key encryption. It is effectively a symmetric key: shared secret.

There are simple symmetric key programs for file encryption with symmetric keys, like AESCrypt, which integrates into the Explorer shell on Windows.

With this one person can encrypt a file to another without agreeing on a shared secret in advance. You can't do that with AES.
Another advantage of using a passphrase-generated keypair is that encrypting files doesn't require a passphrase.

For example, it would be possible to implement a backup service that automatically performs backups in the background, and only asks for the passphrase in the event of a restore.