
They aren't sending the PASSWORD in the clear, they're sending (effectively) a public key.

Bob sends public key to Alice. Alice uses public key to encrypt file and sends to Bob. ONLY Bob can decrypt the file (using his PRIVATE key).

If you sent a password, then anyone who intercepted it AND the encrypted archive would be able to decrypt it.




Seems that how they generate the keys, it's basically the same. The same password would generate the same keys. Anyone who uses the same password would be able to decrypt data sent to anyone else using the same password.

Am I understanding this correctly?


If I send you an encrypted file with miniLock, you won't know my password, and I won't know yours, but you'll be the only one that can read it, and also you'll be sure I've sent it and not anyone else.

Public key crypto has more advantages and users should understand the basics. This introduction may be more clear (4:30) https://www.youtube.com/watch?v=vMiBwMHcSn0

Also I would only use their 7-random-words feature for passwords.



