[Standards] Encrypted Storage (Was: off-server archives with MAM)

Thijs Alkemade thijs at xnyhps.nl
Sat Apr 18 09:59:43 UTC 2015


> On 18 apr. 2015, at 11:42, Georg Lukas <georg at op-co.de> wrote:
> 
> 1. When a user logs in for the first time, an asymmetric keypair is
> created (I was thinking of Curve25519, where key creation is almost
> free). The private key is encrypted with a key derived from the user
> password / SASL state (https://www.zash.se/mod_storage_encfs.lua.html is
> a PoC for that).
> 
> 2. All data that is stored for the user is encrypted with their public
> key and appended to their "container".

What do you mean by “SASL state”? All of the data the server has after a
SCRAM-SHA-1 exchange is either a) stored on the server or b) session-specific.
You can’t derive a key from that which the server could not derive on its own.

Regards,
Thijs
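To make concrete what the server holds at each stage of a SCRAM-SHA-1 exchange (RFC 5802), here is an added Python example that is not part of the thread: the long-term record written when the password is set, the proof the client sends, and what the server recovers while checking it. The salt, iteration count and AuthMessage are constructed stand-ins for the values the real handshake negotiates.

```python
import hashlib
import hmac

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _salted_password(password: str, salt: bytes, iterations: int) -> bytes:
    # Hi() from RFC 5802 is PBKDF2 with HMAC-SHA-1 and a single output block.
    return hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"), salt, iterations)

def scram_register(password: str, salt: bytes, iterations: int) -> dict:
    """Long-term record the server keeps: salt, iteration count, H(ClientKey)
    and ServerKey. Neither the password nor SaltedPassword is stored."""
    salted = _salted_password(password, salt, iterations)
    client_key = hmac.new(salted, b"Client Key", hashlib.sha1).digest()
    return {
        "salt": salt,
        "iterations": iterations,
        "stored_key": hashlib.sha1(client_key).digest(),
        "server_key": hmac.new(salted, b"Server Key", hashlib.sha1).digest(),
    }

def scram_client_proof(password: str, salt: bytes, iterations: int,
                       auth_message: bytes) -> bytes:
    """Client side: ClientProof = ClientKey XOR HMAC(StoredKey, AuthMessage)."""
    salted = _salted_password(password, salt, iterations)
    client_key = hmac.new(salted, b"Client Key", hashlib.sha1).digest()
    stored_key = hashlib.sha1(client_key).digest()
    client_sig = hmac.new(stored_key, auth_message, hashlib.sha1).digest()
    return _xor(client_key, client_sig)

def scram_server_verify(record: dict, auth_message: bytes, client_proof: bytes):
    """Server side. Returns (ClientKey, ServerSignature) on success, else None.
    ClientKey is recovered from this session's proof and checked against the
    stored H(ClientKey); ServerSignature is what the client verifies in turn."""
    client_sig = hmac.new(record["stored_key"], auth_message, hashlib.sha1).digest()
    client_key = _xor(client_proof, client_sig)
    if not hmac.compare_digest(hashlib.sha1(client_key).digest(), record["stored_key"]):
        return None
    server_sig = hmac.new(record["server_key"], auth_message, hashlib.sha1).digest()
    return client_key, server_sig

# Constructed sample values (not from the thread): a fixed salt and a fixed
# AuthMessage stand in for the nonces a real exchange would produce per session.
SALT = b"constructed-salt"
ITERATIONS = 4096
AUTH_MESSAGE = (b"n=alice,r=cnonce,r=cnoncesnonce,s=Y29uc3RydWN0ZWQtc2FsdA==,"
                b"i=4096,c=biws,r=cnoncesnonce")
```

Everything the server ends up with is either in the record it wrote at registration or bound to the AuthMessage of one session; a proof from a different session or a wrong password fails the StoredKey check.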