Re: keybase.io

[Attilla de Groot <attilla () attilla nl>]

Hi,

On 20 Jun 2014, at 22:22, Rikairchy <blakcshadow () gmail com> wrote:

> There is an option to create as well as upload your private key. I'm
> very new to this type of encryption, having only worked with
> Truecrypt, SSH, and Bitloccker prior, but I was under the impression
> that the private key was the last thing you should part with. Why
> would a website focused on providing security allow users to upload
> their private keys?

You are completely correct. That is why they discourage using this feature:

> Browser crypto can be scary. Do you have an evil extension installed? We can't tell. Further, have we been tortured 
> into serving you custom, targeted JavaScript? Hopefully you're not that important.
> So: only use this page if (1) you feel your browser is clean and (2) a life doesn't depend on it.
>
> Alternatively, the keybase program is open source and uses both GPG + the Keybase identity proofs API. It's great. 

However, there are users that (for whatever reason) do want to use it.


— Attilla

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/