Using Passcrow to recover from lost passwords

Presented at May Contain Hackers (MCH2022), July 22, 2022, 8 p.m. (30 minutes)

Have you ever forgotten a passphrase or lost a hardware token? Lost access to enough Bitcoin to buy a pizza or two? Encryption is fundamental to securing our liberties, but key and password management remain difficult even for professionals, let alone the general public.

This talk presents Passcrow, an Open Source project attempting to address one of crypto's largest usability issues: password and key recovery in a decentralized environment.

Passcrow is an attempt to bring "password reset" functionality to applications using strong encryption, without sacrificing security. Potential applications include password managers, secure messengers, general purpose encryption tools (including OpenPGP and hard drive encryption) and cryptocurrency wallets.

Locally encrypted data is extremely vulnerable to lost passwords and lost keys; by definition the goal of local encryption is to prevent third parties from having access to your data, which means there is no third party capable of "resetting your password" if you lose it or forget it. This presents a significant barrier to adoption for many privacy preserving applications: when forced to choose between reliability and privacy, most users will quite rationally choose reliability.

This project is in an early stage of development and is seeking feedback and participation from the community. The motivation and rationale for the project will be discussed, the current project status summarized and existing tools and code demonstrated.

Passcrow is a spin-off from Mailpile (www.mailpile.is), the secure e-mail client. Passcrow is inspired by Mailpile's experience attempting to make e-mail encryption more usable for non-technical users, and will be used in future versions of the app.


Presenters:

  • Bjarni Rúnar Einarsson
    Bjarni Rúnar Einarsson is an Icelandic hacker who has been working on software development and systems administration since the mid-90s. He cares deeply about Open Source, digital autonomy and user privacy. Bjarni created and runs PageKite (www.pagekite.net), and was one of the founding members and lead developer of Mailpile (www.mailpile.is). He still works on both projects as much as he can. Bjarni tweets things at https://twitter.com/HerraBRE .
