Have you ever forgotten a passphrase or lost a hardware token? Lost access to enough Bitcoin to buy a pizza or two? Encryption is fundamental to securing our liberties, but key and password management remain difficult even for professionals, let alone the general public.
This talk presents Passcrow, an Open Source project attempting to address one of crypto's largest usability issues: password and key recovery in a decentralized environment.
Passcrow is an attempt to bring "password reset" functionality to applications using strong encryption, without sacrificing security. Potential applications include password managers, secure messengers, general-purpose encryption tools (including OpenPGP and hard drive encryption) and cryptocurrency wallets.
Locally encrypted data is extremely vulnerable to lost passwords and lost keys; by definition the goal of local encryption is to prevent third parties from having access to your data, which means there is no third party capable of "resetting your password" if you lose it or forget it. This presents a significant barrier to adoption for many privacy-preserving applications: when forced to choose between reliability and privacy, most users will quite rationally choose reliability.
This project is in an early stage of development and is seeking feedback and participation from the community. The motivation and rationale for the project will be discussed, the current project status summarized and existing tools and code demonstrated.
Passcrow is a spin-off from Mailpile (www.mailpile.is), the secure e-mail client. Passcrow is inspired by Mailpile's experience attempting to make e-mail encryption more usable for non-technical users, and will be used in future versions of the app.