rugk

Results 1590 comments of rugk

Also, we cannot download the paste to test decrypting without a password, because in terms of https://github.com/PrivateBin/PrivateBin/pull/216 this would delete a password.

> The key can be brute forced as well with or without HMAC, can't it?

\* password

But, yes, of course.

> And I assume we would always use the...

> However, we may prevent that if we use the paste hash in the HMAC, too. So all seems to be ok.

Note to myself: Yes, this is the point!...

ehm… Or we could simplify that if we just don't use the paste ID in the HMAC? ~~I mean, the paste encryption key should be unique enough.~~ Actually, we only...

> And we can't have the visitor ask the server for that pasteToken, as this would definitely leak the information that the paste exists

This was the idea…

> Or...

Yep, this would be required. The protocol is [already described here kinda](https://github.com/PrivateBin/PrivateBin/issues/245#issue-255067586). I later described it again with pasteId, but as we see this would make stuff quite complicated for...

> HMAC must be replaced by PBKDF2 with (in)sane number of rounds

Good point, but in reality we need to do all that anyway, so we could re-use the [derived...

Well, I looked at the video and that looks pretty damn cool! Formal verification in a somewhat easy way, ugh… nice. Maybe make a new issue? Because modelling the general...

First, awesome, thanks! I may look into that when I set up my own Verifpal here. (stupid snap package they have)

> All of the questions fail verification - […] but...

Remember to see https://github.com/PrivateBin/PrivateBin/issues/620 for an alternative implementation (possibility).