Hacker News

So is this protocol (Juicebox) at least safe when used with a high-entropy PIN/passphrase then?

What's nice about Meta's similar implementation for chat backup using OPAQUE is that, given a high-entropy passphrase, the reliance on the server/HSM as a trusted actor goes away.



Oh, just tried it myself: "Create a 4-digit passcode". Nope.

To not even let users choose their own security tradeoffs with an optional longer passphrase seems very bad.



