21

A tech company dedicated to improving security and lowering the learning curve of being secure

Comments
  • 1
    That sounds pretty cool! There's one around here, but their way of doing stuff doesn't work too well with me.
  • 0
    keybase maybe?
  • 0
    @TuguMonas no I'm on keybase, while i like the idea its only focusing on security with gpg and they are making too many sacrifices on security to make it easier.

    I'm talking more like a fully encrypted linux distro that is resistant to keyloggers, mouse wiglers, brute force logins, etc. And email servers that gpg encrypt emails. I could think of more given enough time
  • 0
    @jckimble full disclosure, I am a college student interested in crypto though won't be in any crypto/security class until next semester.

    what kind of "sacrifices on security" that you think? I could not think of one since I first signed up but I'm also a n00b.

    but yeah, the ideas you list out is very interesting! I'm really into these things just haven't given enough time to study further yet.
  • 0
    Well keybase has two blaring sacrifices that i see the first is with the core system being that they store the private keys on a public server only protected by a password. While this can be mitigated by generating your own keys and uploading a "laptop keypair" without your main identity key they don't do it by default. The second one is with the chat. They cut out forward secrecy so all messages will show on any new devices you add.
  • 0
  • 0
    Ah, I can totally see the point. The online thing, I don't think it would attract users as much if they had not seen any demo online. But yeah I hadn't think about it before.

    However I still think this is a nice progress to move towards encryption with less hassle, which I really like.
  • 0
    @TuguMonas well they could generate a keyring that has certify, sign, and encrypt keys split up and make the user download the full keyring before removing the certify private key from their server. This way everything would still work and it would be more secure since the certify key is essentially your online identity, and if compromised the sub keys can be revoked and replaced without messing with it
Add Comment