undefined | Better HN

0 pointsfuoqi5y ago0 comments

Ah, I thought it's a JS library used on a server side. But am I correct that they still pass the derived master-key to server side in a plain form?

Citing the OP:

>Sure, you might tolerate a longer unlock time, but is the security gain really worth the cost to your battery?

I think the battery concern is over-blown. How often do you login into a service? I think that for typical use-cases, amortized battery-cost of a login is negligible. And for other use-cases you can let users choose.

0 comments

demosito6665y ago

> But am I correct that they still pass the derived master-key to server side in a plain form?

No. Master key doesn't leave client machine, only its hash is transmitted over the network. See dchest's link above.

CyberRage5y ago

These cloud based solutions perform hashing+salting+KDFing locally and then add additional compute cost on the cloud level.

I don't see any issues with that.

fuoqiOP5y ago

The issue is that if an attacker can eavesdrop on a compromised authentication server, then it can record user's master-key and thus he will be able to impersonate user without issues until the password gets changed (i.e. the derived master-password is actually plays role of a password now). With PAKE this issue simply does not exist.

CyberRage5y ago

Nono. the master-key never leaves the device.

Via the master-key, the program derives(locally) the key to encrypted the data and a different secondary key for authentication against the server. without knowing the master-key you can't decrypt the vault even if you were able to trick the server into sending you the vault.

The vault is decrypted locally

1 more reply

j / k navigate · click thread line to collapse

0 pointsfuoqi5y ago0 comments

Ah, I thought it's a JS library used on a server side. But am I correct that they still pass the derived master-key to server side in a plain form?

Citing the OP:

>Sure, you might tolerate a longer unlock time, but is the security gain really worth the cost to your battery?

0 comments

demosito6665y ago

> But am I correct that they still pass the derived master-key to server side in a plain form?

No. Master key doesn't leave client machine, only its hash is transmitted over the network. See dchest's link above.

CyberRage5y ago

These cloud based solutions perform hashing+salting+KDFing locally and then add additional compute cost on the cloud level.

I don't see any issues with that.

fuoqiOP5y ago

CyberRage5y ago

Nono. the master-key never leaves the device.

The vault is decrypted locally

1 more reply

j / k navigate · click thread line to collapse