Re: [Tails-dev] Suggestion: Determistic key generation optio…

Delete this message

Reply to this message
Autore: Daniel Kahn Gillmor
Data:  
To: Sebastian Nielsen, 'u', 'The Tails public development discussion list'
Oggetto: Re: [Tails-dev] Suggestion: Determistic key generation option for completely read-only systems
On Wed 2018-07-25 05:52:40 +0200, Sebastian Nielsen wrote:
> The problem it would solve, is that you can avoid having a persistent
> partition alltogether, but still allow users to be able to use PGP
> encryption and SSH keys and similiar. By simply determisticly generating
> them out of a password that user enters on startup.


This has a range of potential downsides that other people have already
pointed out (passphrase reuse means duplicate keys, impossibility of
changing keys, etc). Additionally, just generating keys from this
passphrase doesn' obviate the need for an encrypted persistent volume
for some users; some users are actually storing data that they care
about (photos, documents, etc) in the persistent volume, and that data
cannot be generated from the passphrase.

It's not clear to me that the benefit is worth the risks here, but if
you wanted to do something like this for Tails, the right approach would
be to make it work generally, as a straightforward, well-engineered
piece of software (for a project like this, user experience and system
integration seem like critical features). Get that software into
debian, and then ask for its inclusion in Tails.

This isn't a short process -- to do something like this right takes a
lot of work and persistence! And in the course of developing it and
interacting with real users, you might find yourself with new ideas
about what would be useful, either cryptographically or from a UI/UX
perspective. But by all means, please do work on it -- we need more
experimentation and exploration in this area.

      --dkg