TID: FMail-lnx64 2.1.0.18-B20170815
RFC-X-No-Archive: Yes
TZUTC: 0100
CHRS: UTF-8 2
PID: GED+LNX 1.1.5-b20161221
MSGID: 2:280/464 61f56ba8
REPLY: 2:221/1.58@fidonet f8e44f3a
Hi August,

On 2022-01-29 09:12:00, you wrote to me:

 AA>>> They do however store the passphrase using a SHA-1
 AA>>> hashcode.  I thought SHA-1 was depricated.

 WvV>> It is considered no longer safe, afaik...

 AA> But does it matter so much if the keymanagement is local on the
 AA> client?

It always matters!

 AA> However, it is somewhat astonishing that SHA-1 was/is even used
 AA> in the design.

Indeed. Which makes you question if they made other mistakes.

 WvV>> An attacker with enough resources could in theory find
 WvV>> some or all passwords. And of course that becomes
 WvV>> progressively easier in the future...

 AA> I am not impressed with the reports that people can process
 AA> millions of hashes per second using dedicated GPUs.  So what if
 AA> the hashes are decoded. They can't do anything with them to
 AA> target millions of people enmasse anyway. I think they would
 AA> have to target SPECIFIC accounts and run the passwords one by
 AA> one.

 AA> In Safester, the decoded hash would reveal the passphrase, but
 AA> the decrypting of the messages would be useless without the
 AA> user's key which would reside in the local Safester prog or
 AA> app.

Well if your life depended on it, would you rather use Safester or Opengpg?

 WvV>> So you can only exchange messages with other Safester
 WvV>> users.

 AA> Yeah.  :(  But it's not as bad as it sounds!  ;)   I think that
 AA> may be better than forcing people to try DeltaChat as a 1st-
 AA> time venture into secure communications.

The biggest drawback to me is you depend on a commercial company for your
secure mail. What if someone pays them a big sum for being able to eavesdrop
on your conversations, will they make a backdoor? What if they go bankrupt? Is
your mail lost forever?

Bye, Wilfred.
--- FMail-lnx64 2.1.0.18-B20170815
 * Origin: FMail development HQ (2:280/464)
SEEN-BY: 1/123 15/0 30/0 90/1 105/81 106/201 120/340 123/131 124/5016
SEEN-BY: 129/330 153/757 7715 154/10 203/0 221/0 1 6 226/30 227/114
SEEN-BY: 229/110 206 317 400 424 426 664 700 240/5832 266/512 280/464
SEEN-BY: 280/5003 282/1038 292/854 8125 301/0 1 101 310/31 317/3 320/219
SEEN-BY: 322/757 342/200 396/45 423/120 460/58 712/848 770/1 2452/250
PATH: 280/464 301/1 229/426