

The Ultra-Simple App That Lets Anyone Encrypt Anything - caractacus
http://www.wired.com/2014/07/minilock-simple-encryption/

======
Tomte
It's a really neat idea, though I'm not a big fan of having it as a browser
extension.

Two observations:

1\. Password strength is really, really important now, since it is
deterministically transformed into your key pair. It's not like the passphrase
for a GnuPG key where you'd have to steal the private key in the first place,
in order to do something evil with the recovered weak passphrase.

2\. There's another big caveat re: password. In most systems that we know it
doesn't matter if you have a non-unique password, as long as it's not
guessable. In this scheme your identity will be merged with everyone else who
has thought of the same password.

------
kazinator
A public-private key that is derived the same way from a passphrase is not
public key encryption. It is effectively a symmetric key: shared secret.

There are simple symmetric key programs for file encryption with symmetric
keys, like AESCrypt, which integrates into the Explorer shell on Windows.

~~~
lxgr
Another advantage of using a passphrase-generated keypair is that encrypting
files doesn't require a passphrase.

For example, it would be possible to implement a backup service that
automatically performs backups in the background, and only asks for the
passphrase in the event of a restore.

