[Standards] Encrypted Storage (Was: off-server archives with MAM)

Dave Cridland dave at cridland.net
Sat Apr 18 10:39:51 UTC 2015

On 18 Apr 2015 11:34, "Thijs Alkemade" <thijs at xnyhps.nl> wrote:
> > On 18 apr. 2015, at 11:59, Thijs Alkemade <thijs at xnyhps.nl> wrote:
> >
> >
> >> On 18 apr. 2015, at 11:42, Georg Lukas <georg at op-co.de> wrote:
> >>
> >> 1. When a user logs in for the first time, an asymmetric keypair is
> >> created (I was thinking of Curve25519, where key creation is almost
> >> free). The private key is encrypted with a key derived from the user
> >> password / SASL state (https://www.zash.se/mod_storage_encfs.lua.html
> >> a PoC for that).
> >>
> >> 2. All data that is stored for the user is encrypted with their public
> >> key and appended to their "container".
> >
> > What do you mean with “SASL state”? All of the data the server has
after a
> > SCRAM-SHA-1 exchange is either a) stored on the server, b) session
> > You can’t derive a key from that which the server could not derive on
its own.
> Zash pointed out to me that I was wrong. The ClientKey does not change
> sessions, is not stored on the server (during normal operation) and the
> does compute it during login. It could be used to derive a key.

However it's pretty weak for such usage, and would tie clients into a
specific SASL mechanism; I don't see an upgrade path should that mechanism
develop an exploit.

I think you'd be better off going along with Peter's suggestion that trying
to store encrypted archives on the server.

> Thijs
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.jabber.org/pipermail/standards/attachments/20150418/97d0d6e7/attachment.html>

More information about the Standards mailing list