It's a really neat idea, though I'm not a big fan of having it as a browser extension.
Two observations:
1. Password strength is really, really important now, since it is deterministically transformed into your key pair.
It's not like the passphrase for a GnuPG key where you'd have to steal the private key in the first place, in order to do something evil with the recovered weak passphrase.
2. There's another big caveat re: password. In most systems that we know it doesn't matter if you have a non-unique password, as long as it's not guessable.
In this scheme your identity will be merged with everyone else who has thought of the same password.
Another advantage of using a passphrase-generated keypair is that encrypting files doesn't require a passphrase.
For example, it would be possible to implement a backup service that automatically performs backups in the background, and only asks for the passphrase in the event of a restore.
4 comments
[ 2.2 ms ] story [ 17.7 ms ] threadTwo observations:
1. Password strength is really, really important now, since it is deterministically transformed into your key pair. It's not like the passphrase for a GnuPG key where you'd have to steal the private key in the first place, in order to do something evil with the recovered weak passphrase.
2. There's another big caveat re: password. In most systems that we know it doesn't matter if you have a non-unique password, as long as it's not guessable. In this scheme your identity will be merged with everyone else who has thought of the same password.
There are simple symmetric key programs for file encryption with symmetric keys, like AESCrypt, which integrates into the Explorer shell on Windows.
For example, it would be possible to implement a backup service that automatically performs backups in the background, and only asks for the passphrase in the event of a restore.