Hacker News new | past | comments | ask | show | jobs | submit login
Keybase's New Key Model (keybase.io)
187 points by aston on Sept 25, 2015 | hide | past | web | favorite | 79 comments



Since the keybase people are probably here reading, can I make a suggestion? Please change your logo from a shifty-looking character to something that inspires more confidence. I actually think the character in the logo is cool and I love your artwork but I just think the logo sends the wrong message. Google Chrome's private browsing mode does the same thing...

Identity management and encryption should strive to be associated with concepts of strength, integrity, legitimacy, trust, cleanliness and safety. There is nothing shady about it and we shouldn't need a guy in a trench coat to represent the idea that we should be able to confirm that our friends who are communicating with us are who they say they are and not imposters. Let's focus more on the trust part and less on the sleuthing in the dark part.

Sorry, just my $0.02... I only tell you because I want you to succeed.


Direct link to the logo, since it took me a few clicks: https://keybase.io/images/logo.png


What’s wrong with the fox? I like their logo. A lot of big, mainstream brands have fun-looking mascots. They may have to redesign and improve it as they grow, like everybody does, but I don’t see it necessary to replace it completely.


What fox? The logo looks a lot more like some sort of a criminal Berenstain Bear (see http://www.nelvana.com/content/assets/shows/berenstain-bears...).

I agree that the logo insinuates that you're probably sneaking around doing nefarious things, if you're interested in encrypting your messages.


Yeah I like it too... as a character it's fun and silly and everything I like about being a developer. What I don't like about it is exactly as I said: too shifty looking. As you say, it's time to redesign and improve it. It doesn't have to go away and it could remain the company mascot if they wanted. I would hope it does. (also, I'm not sure it's a fox? is it?)

I actually feel a bit bad saying it and sad this is the top comment right now since it's a fairly minor point and way less important than what they are doing. I just think you have one chance to make a first impression about what your company stands for and the logo is a big part of that. In fact it's one of the parts that is most likely to end up representing your brand on other sites. Looking at their site, I think they care about that a lot and put a lot of effort into it so I hope this comes off in the best possible way.


How about this?

http://i.imgur.com/R9f96Wr.png

(get it, it's a key-bass ... whew)


I vote for an angel holding a key (to be drawn using a fantasy/videogame art style, not a religious one).


How about a snowflake made out of keys?

This is why you should never let hackers design a logo.


Can somebody explain the difference between NaCl and PGP and why I want device-specific NaCl keys instead of device-specific PGP keys?


I didn't design this so I can't say for certain, but from reading their post there are a couple of benefits that NaCL confers over PGP for generating per-device keys.

The most important benefit is probably that NaCL keys are 256-bit keys based on ECC (specifically, Curve25519), which means these keys are stronger, faster, and actually more secure than the strongest keys commonly used in PGP (4096-bit RSA keys). Critically, they are much smaller and therefore easier to communicate between people/devices.

While their ideal workflow is to communicate keys by scanning QR codes, they currently need an alternative workflow to communicate keys between desktops (and will always need an alternative for users who can't scan QR codes for whatever reason). The "Paper keys" section of the blog post discusses this at length, and shows an example of a Paper Key:

"death punch correct staple battery horse clearly cherry picked words yeah moo car lisp"

They are probably generating this (Diceware-esque) string by splitting the 256-bit key into n-bit segments, using each n-bit segment as an index into an array of words, and then joining the words to form a "sentence" that encodes the value of the key.

14 words is already pretty unwieldy, as they acknowledge in the blog post. Imagine how bad it would be if you had to encode 4096 bits instead of just 256!

That was probably the most important motivation for Keybase to use them. Other motivations may have included:

* ECC is generally considered more future-proof than RSA

* NaCL is a small library and therefore is probably easier to incorporate into a variety of clients rather than the behemoth that is GPG/libgcrypt.

* NaCL is the new hotness, PGP is old and busted


PGP may not support ECC, but then again, who the hell uses PGP over GnuPG?

https://www.gnupg.org/faq/whats-new-in-2.1.html#ecc


Well traditional PGP key-management software expects exactly one key per identity, so using per-device PGP keys would establish each device as a separate identity. This is not what you want. I'm not an expert, but I'm sure there are other good reasons.


The user identifier for PGP keys is the User-ID (name and email address), and you can have any number of PGP keys for one. GnuPG lets you search for a User-ID (or part thereof) with --list-key, the same is true for key servers. Each key can sign each other's identifier. What do you think is missing?


So I just noticed that the new client beta installs a launchd service when installed via homebrew:

https://github.com/keybase/homebrew-beta/blob/master/kbstage...

Digging into the code now, anybody know what this is for / why it's silently adding that?

EDIT: so, looks like it adds a launchd file to run `keybase service`, which is helpfully described here: https://github.com/keybase/client-beta/tree/master/client/go...

This seems to do all kinds of things, including running an RPC server and interacting with keychains: https://github.com/keybase/client-beta/blob/master/client/go...


(Hi, I work at Keybase!)

There's a document describing this client/service split here: https://keybase.io/docs/client/client_architecture


So the existing client works just fine without a long-running service and interacts with my gpg-agent to handle my passphrase. As a user, what does this new keybase service get me vs just letting the already persistent gpg-agent handle things?


It's also aimed at users who don't use gpg.


Sounds a bit like gpg-agent.

Do you have plans to support OpenPGPCard devices directly?


So... there are no actual links on this page to anything that describes Keybase. The only way to get directly to the site homepage is to edit the URL.

This is pretty annoying if you're somebody who doesn't already know what Keybase actually is.


Well, I know what Keybase is. But the page was so empty looking that I stopped reading, and checked out Noscript and Privacy Badger for blocked stuff and errors ;)


I think blogs really overdo the amount of links and nav they have (this trend is changing to minamalist now) but this is a bit too minimalist. They have a tiny footer with a link back to the blog, so they do have it, but a person curious what keybase.io is, would likely want to head to the homepage before reading a company update top to bottom to find that link.


I notice many blogs and wikis have this problem. It's like they have a separate piece of software for that component of their site, and don't bother to integrate it with their main page.


That's a good point. They should put a link up top or something so people that stumble on this can get to main site. It's a best practice for a reason. The link to the blog in general being at the bottom is strange, too.


Doesn't PGP subkeys already essentially solve the problem of requiring shared private key on devices? Its not immediately obvious what the main benefits of their solution are.


I'd like to know how they plan on dealing with subkeys -- my Keybase key is an ed25519 key kept offline, with a set of RSA subkeys generated directly on a Yubikey.

This lets me use my key on an Android device (via Open Keychain), or PC (via GnuPG's smart card interface.)

I don't want additional NaCL keys hanging around on 'online' machines outside of a secure element such as a smart card.


> my Keybase key is an ed25519 key

Could you explain how you did this? I was under the impression it was impossible because Curve25519 encryption isn't implemented yet.


The offline key isn't used for encryption, only signing. In this case, signing the subkeys, which are used for encryption (or auth, or signing).

Really not all that different from past days of having a dsa key with an el gamal subkey for encryption.


I don't think it's possible to issue subkeys that can create further subkeys, or revoke each other. You have to use the master key for that, which means going back to your safety deposit box or the center of the Earth or wherever it is you keep it. We don't want to make people do that, so we can't represent your set of devices as subkeys of a single PGP key.


I wonder about this too. I'm not even sure what this feature is supposed to do?

As best I can gather, this ties signing to keybase.io (which is anchored in a GPG-key). But it's unclear to me how this is an improvement for users. If you sign anything with a nacl sub-key, that can't be verified with gpg? It's not even clear if this will work off-line, when keybase is down, when keybase have revoked your account...?

> Technically, though, this is not a normal 2fa: the devices will share a secret with just each other.

This is exactly 2fa: two devices sharing a secret? Normally your idp and your TOTP app/token share a secret, now two of your devices share a secret?

I very much welcome someone hammering out a standard equivalent to GPG, but based on NaCL, that is: have a master key (off-line), have a private-sub-key (on-line, protected by smart card/pass phrase), enable further sub-keys -- and a companion tool (set) for verifying up the chain (like gpg2 --verify file.asc, but with file.asc being backed by a (device) sub-key, signed by the private key, signed by the "master" off-line key -- and allow for revoking "from this key and down" (eg: I lost my phone, revoke phone-key, my laptop got hacked, revoke my sub-key, and all device keys...)).

But I'm not sure if that is what keybase is trying to do?

I'm not even sure if it really makes sense to keep backwards comparability with GPG -- the main thing would probably be to be compatible with GPG agent and smartcards. For most everything else, I think a new standard would be a good thing. Perhaps with some kind of bridge, for easier transition (eg: nacl-gpg --verify file.asc, which gives similar output/return-codes to gpg, while file.asc can be signed by a "nacl-key" trusted by a gpg key. But the complexity would probably make for a less secure system until everyone could just move on to the new standard).


I don't use Keybase yet as I haven't evaluated the assurance and usually don't rely on VC-funded, startup tech for critical stuff. That said, I've enjoyed the Keybase articles so far and this is no exception. Way I see it, companies like them will keep experimenting until they figure out what approaches work in terms of usability, adoption, and potential for strong security. And then experienced, security engineers can build a stronger version of it. :)

Look forward to seeing what they brainstorm next.


i think keybase (or something like it) is going to be huge. Instead of email, sites like reddit and HN will use PGP keys for identity instead of email. I don't use keybase because 1) I'm behind 12K people for their private beta 2) I know how to run gpg --gen-key


> I don't use keybase because [...] I'm behind 12K people for their private beta

Sadly, this is the main reason most people (including me) aren't using it. I'd love to try it out, but until I can get a log in, I'm just going to ignore it. They are throwing away a lot of good-will by making these announcements, then when users go to the site they get turned away because they aren't one of the blessed few with an invite. If I don't get access soon, I'm going to file them under 'ignore', since it seems like I've been trying to get an account for years, now ;(


> this is the main reason most people (including me) aren't using it.

Most people don't know what PGP/GPG is, probably know less than nothing (have misconceptions) about encryption, and don't even realize why a service like keybase.io would be helpful, much less that it exists.

What I love about this community is that there are people like aianus below who have early access to stuff like this, and being part of this community will engender them to help you. I like this service because people outside of this community will get involved after they work out the kinks. People getting invites are developers and tech-centric people who likely have other keys anyway and are testdriving the software.

The biggest way forward for keybase would be Facebook or Twitter allowing you to integrate your key into the service.

> it seems like I've been trying to get an account for years, now ;(

The keybase github account was created 2 years ago on sept 6 ;). Someone below will likely help you out if you email them.

Thanks aianus. Appreciate the invite.


It's actually a bad idea and parent post is right: they need to open it up to more people even if still limited or with a warning that features might change. The reason has to do with their goal of making something usable for widespread audience. Asking what GPG-loving techies and HN readers think about usability will not tell you if your grandmaw or average employee will find it usable. I remember the studies on PGP surprised cryptographers in that what they thought was understandable (esp icons) were really confusing to end users.

So, they need to go ahead and get a diverse audience to spot problems early on. For sure, they should stick to a patient audience that knows they're helping something evolve rather than using a finished product. Still need to broaden and diversify it, though. I'd start with the 10,000+ volunteers on that waiting list.


I disagree. I believe there strategy is not,

> Asking what GPG-loving techies and HN readers think about usability

Although, many of us do UX or appreciate and can accurately review it, they want the GPG-loving techies to evaluate their security and software. This isn't exactly a social network, you can't move fast and break stuff, and just push flaming builds and iterate. This has to launch to the public with bulletproof security. This is because in 3 years they want "Log in with Keybase.io" on every website instead of "Log in with Facebook" and they want secondary authentication for twitter and facebook to leverage their keys. So they have to convince people and those companies they have security pretty well figured out.

I understand where you are coming from and I would like it if they rolled out quickly. They could maybe even do it tomorrow, I don't actually know but so far it seems to work well. However, the public isn't really clamoring for this anyway, because they don't even know what it is. I was even surprised how old keys were. You can see elon musks e@x.com key from the early 90's on the MIT keyserver and some are much older than that. Not even everone on HN has keys I bet, so the public isn't as anxious as you or I might be ;). I hope they release soon though.


"they want the GPG-loving techies to evaluate their security and software." "This has to launch to the public with bulletproof security."

How is merely using Keybase.io a security evaluation? It isn't. Security evaluation is all kinds of activities with specialized skill working on source, interfaces, debuggers and so on. You do that in parallel with testing of usability, performance, reliability, and so on. So, they need the security evaluations but also need users running it through paces for other reasons. They can and should do both.

"This isn't exactly a social network, you can't move fast and break stuff, and just push flaming builds and iterate."

Whose asking for that? I believe I said patient, filtered user-base that are clearly told it is a work in progress given to them for evaluation.

"I understand where you are coming from and I would like it if they rolled out quickly."

I'm not even asking for that. I'm just saying they need to seriously increase their user-base and with more non-technical, privacy-focused users. What input they're receiving before launch needs to be as diverse and representative of what they'll receive after launch. They can still cap the user count or be selective. Closed with 10,000+ person backlog or wide open in full production is a false dilemma. Heck, maybe even a room's worth of people from each likely demographic, skill level, target platform, and so on. Will help spot many issues coming from each before production.

"Not even everone on HN has keys I bet, so the public isn't as anxious as you or I might be ;)"

I should be clear that I'm not factoring in the general public at all: they'll continue using Facebook Messenger, etc for private communications because it's cool, convenient, cheap, whatever. I don't waste time trying to push privacy tech, esp key management, on the public any more past improvements to infrastructure or tools they already use. Strong security/privacy is and always was a niche. However, as Keybase's vision realizes, the niche is potentially larger than techies with GPG or stuff in keyservers: people who would use it if it was simpler & less technical at interface. So, I advocate they get more of that audience into their user-base for feedback.


Sorry mate, I was having a laugh with the social network bit, but I think we are both just saying the same thing. The product is in Alpha. It isn't ready yet. I just downloaded it and it says "This product is in Alpha". They will then move to private Beta then Beta then launch. So I think they will do what you are asking, but they are further behind.

I guess my point was that they have a really long release cycle because this is a security project. Regardless, I have 9 invites so I am considering allocating a few to some non-technical friends now to get their take.


"Sorry mate, I was having a laugh with the social network bit,"

I kind of got that. Picturing "move fast and break stuff" applied to security would be a hilarious concept. So long as it was the competition doing it. :)

"Regardless, I have 9 invites so I am considering allocating a few to some non-technical friends now to get their take."

Now that's a good idea. Might help so long as they're the kind of people that go through extra trouble for privacy or control of their data. You'll know it's the case if they ask "what is a" or "how do you" on something everyone assumed was obvious. If that moment doesn't come, the UX team was really good. ;)


Curious, how did you go from behind 12k people asking for an invite to having 9? I figured aianus got you one but nine is some progress in a short time. ;)


Chris Coyne (co-founder of keybase.io) seems to send them to new members. Unless he was on here, which is possible, I have no reason to suspect I received special treatment. It actually is fairly smart because you can grow your base by an order of magnitude and if you have set the culture of the people you invite, the site will blossom that way. I sent you an email to ask if you want an invite. If you get back to me I will send you one.


> in 3 years they want "Log in with Keybase.io" on every website instead of "Log in with Facebook"

Awesome, I brought this up last week:

https://github.com/keybase/keybase-issues/issues/1767


Thanks to the kind people who sent me invites! I have accepted one (can't recall who, but thanks again) and will be playing with keybase.io over the next few days, to see how I can use it in my projects. This is definitely something I love about HN, there are almost always people willing to help out. I didn't even expect to achieve anything with my post; I was actually just complaining out loud...


I agree. They need more people using it to work out all the usability problems. Many different types of people. Should use a filtering strategy, though, to minimize number of people that will need lots of hand-holding. Maybe dedicate an employee, forum, etc to that. Easy to get bogged down in support before the project gets started.


Would you like me to send you an invite?


I also have some invites if anyone wants some. My email is in my profile.


Me too.


I've got 9 invites. If anyone wants one, let me know.


8 here.


If you'd like a invite, shoot me an email at aianus@coinbase.com and I'll send you one.


Brilliant. Sent. Thanks a 10^6.


All out :)


I have some invites as well. Contact me at nadav@bitrated.com if you're interested. (offer is open to everyone, not just OP)


I have some in invites as well, shoot me an email at cmiles74@hotmail.com.


That's really good news and I'm really excited about keybase's future. I'm curious though why they chose to use NaCl instead of libsodium [1]. I was thinking of doing a crypto app a while back and did some research and libsodium seems to be a more portable and recent (removed deprecated code) version of NaCl by the folks at dnscrypt. Maybe I missed something in my research?

[1] https://github.com/jedisct1/libsodium


"NaCL key" is a generic term, you can probably use them with libsodium, like you can use "PGP keys" with GPG.

By the way, libsodium has the same maintainer than dnscrypt (and Pure-FTPd) but he does not work for OpenDNS anymore (afaik he works for OVH, but libsodium is his personal project).


This is fantastic. Thanks, Keybase!

I've kept my private key on a single device because that's the easiest way for me to secure it... but it means that I haven't used keybase to actually secure communications much because that device is my nice big linux desktop... not my handy laptop or phone or any of the other devices that I spend more time communicating from.

Really looking forward to the Android app.


Woo-hoo! I'm a fan of Keybase (although, I'll admit, I've received barely any encrypted communication from the outside world). The first version of their product did a whole lot to open up secure communication to "the masses," by simplifying strong encryption into an easy-to-use app.

I'm glad that the Keybase team decided that they didn't want to stop there. I'm not sure that I'll use the new keying system (my use case isn't very risky), but I do think that a lot of people will.

In my opinion, the more people that have access to easily-used crypto, the better.


> "I'm not sure that I'll use the new keying system (my use case isn't very risky)"

To be clear, you'll be using this system automatically if you install Keybase on your phone or desktop. It'll just work, and you'll have a private key on that device. As you add devices, you'll collect keys. If you remove a device, that public key will no longer be a part of your identity.

If you want to use PGP on one of those devices, you can. And you can strongly connect it to your other keys, as the graphs in the post show.

This should be easier. From a "regular" non-PGP user perspective, you needn't think of this as managing keys, or adopting a more advanced key system. Instead you would just be managing your devices and installing Keybase.

That's our hope anyway. (Disclosure: I'm one of the people working on the project - https://keybase.io/chris - thanks for the kind words about the project)


That's awesome -- and thank you for the clarification. I'm primarily a user of the webapp, although I have the CLI application on a server (hence not using mobile stuff, multiple machines, etc).

I'm a big fan of your product, and recommend it broadly -- great work so far!


wow, please put a link to https://keybase.io on your blog header.


And also add a blog header.


This reminds me - is Google's End-to-End still going somewhere or has Google "virtually killed it" (by not caring about it anymore as they do with many of their products)? Yahoo's CISO promised to implement it for Yahoo, too, but I think the guy who promised that left the company.


Seems to still be receiving commits as of a few days ago > https://github.com/google/end-to-end

I was waiting on smartcard support in that project myself


It looks like we knocked keybase.io off the net; all I'm getting now are 502 Nginx errors. Does anyone have a mirror of this blog post?


Yep; same issue here an hour later.

Google cache:

http://webcache.googleusercontent.com/search?q=cache:vneH1nu...


It should be back up now.


So what happens to the existing GPG-using folks?


They clarify that PGP support will continue to function as is at the bottom of the article.


Also, now you can have multiple PGP keys tied to your account.


I don't really understand key base. Is there a more elaborate explanation of how it works somewhere?


The simple idea is that it's a directory mapping public keys to social accounts. If I know you as a Twitter user, I might want to send you an encrypted message. Or if I get a message from you that's signed, I might want to know that you're a certain Hacker News user. If I download some source code, I'd like to know it was signed by someone who has Github account X, and write access on example.com. And so on.

Historically, a few people using PGP would do this identity mapping, at least in one direction, by posting a PGP fingerprint (of their public key) on their, say, Twitter profile . Of course, this only went in one direction. To achieve a bidirectional proof, they would also have to post a signed statement going in the other direction, too, stating they were in fact that twitter user. (Otherwise you couldn't start with a message and conclude which Twitter user sent it - multiple people could claim this.)

Keybase started as a hobby project to make these posts structured and formal for PGP users. We just wanted to make this kind of thing easier, so we made a directory to hold the signatures going in the other direction, and a reference client that would look up these announcements and verify them.

The other specific advancement is that these signatures have been put into a data structure designed to prevent the server from lying by omission or forking - a big problem that exists with historic key servers. If you remove a key, what's preventing the server from not admitting that? Or what's preventing the server from giving Alice and Bob a difference experience from Charlie and Diane?

Anyway, that was the first idea behind Keybase. To make a better directory and walk people through these proofs.

What we realized - and what has gotten us both (a) extremely smart developers to join us, and (b) funding - is that there are deeper problems beyond the identity establishment....problems that can be solved in 2015.

Those two problems are (1) pretty sucky clients for public key crypto (at least from the perspective of non-programmers), and (2) key management issues. The first is something we have experience with, as our team has worked on a lot of successful projects. And let's be clear, lots of teams could solve this, if given the resources. The second is something we feel can finally be solved thanks to mobile phones. Phones and watches and other small devices allow you to provision new keys easily, because 2 devices can be brought together. That wasn't easy in the past. All this is now possible without understanding what a key is. Or worrying about how to store and move one around safely. That's the new goal: actual crypto clients. For signing, verifying, encrypting, decrypting, and sharing.

You can read the front page of keybase.io for some more info, but it's somewhat out of date and talks mostly about PGP. This will change when our clients are further along and we're seeking more beta testers.


> If you remove a key, what's preventing the server from not admitting that?

Can you point me to somewhere I can read about Keybase's solution to this problem?


These 2 docs together will explain it:

[1] https://keybase.io/docs/server_security

[2] https://keybase.io/docs/server_security/merkle_root_in_bitco...

The tl;dr: Removal statements are signed into a chain of all public announcements you make (each references the last), and each link also references the root of the site's merkle tree - a tree which includes everyone's chain. The root of that tree is written to the bitcoin blockchain multiple times per day.


I have 9 invites and none of my friends want them. If you want one let me know @hydandata.


I've said it before and I say it again:

- For security focused websites, it's a no go to include 3rd party domains for any content.

The fine folks at keybase responded well last time and moved the font files to their own servers (thanks!).

This time, they host images at S3 and therefore leak metadata about their visitors directly to Amazon.


probably off topic but what library was used to render the graph?


The real problem is that no one gives a shit


Keybase has no altruistic incentive to broker safe PKI. They're just another for-profit-scammer-of-your-private-key


Keybase does not need your private key.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: