Re: [briar-devel] assorted UI comments (and no tor on battery)
Brought to you by:
akwizgran
Menu
▾
▴
Re: [briar-devel] assorted UI comments (and no tor on battery)
|
From: Greg T. <gd...@le...> - 2019-04-28 22:40:47
|
Julian Fagir <gn...@to...> writes: > let me add to this one point: > > Am Mon, 15 Apr 2019 19:25:13 -0400 schrieb Greg Troxel <gd...@le...>: >> When starting, I'm asked to give a new password to create an account >> (ish). It's unclear from the UI what this is for. I 99% know it's to >> secure the account credentials (priv/pubkey pair?) and probably to >> encrypt the stored messages and maybe even settings even beyond the >> normal FDE. I realize overload is easy, but it would be nice to make >> this clearer. > > As far as I understood, this password has to be supplied every time you > reboot? Anyway, passwords are a huge UI problem. I tried using briar > with a friend, but when I didn't know the password after a reboot > anymore, nothing worked anymore. > It would be nice if there was a way to have a password stored in the > phone rather than in the head of the user. This is the basic tension between security and usability. One approach is to have a key (password) for briar, separate from security for the phone/system itself. Another approach is to trust the platform. The extra-key-for-briar approach arguably has better security, but is more awkward. A reasonable person might think that you the user should be able to choose, based on your assessment on the relative merits of threats and convenience (after all, some things are so inconvenient that they are unusable). My understanding is that Briar believes that any user that prefers convenience over maximal security could not possibly know what they are doing, and thus, the password is mandatory. |
