Unfortunately I think this particular review is missing the point of Keybase. In the same vein as attacking Twitter for not making the follow relationship symmetric or attacking Instagram for ruining the dynamic range of pictures, this author is (mostly) attacking Keybase for the very point of what Keybase is.

PGP has failed to reach even a moderate userbase outside of crypto enthusiasts, and while part of this, as the author suggests, is painful UI, a large part is also that the web of trust model is unreasonably demanding for most cases.

Keybase asks: who are you on the internet if not the sum of your public identities? The fact that those identities all make a certain claim is a proof of trust. In fact, for someone who knows me only online, it's likely the best kind of trust possible. If you meet me in person and I say "I'm sgentle", that's a weaker proof than if I post a comment from this account. Ratchet that up to include my Twitter, Facebook, GitHub, personal website and so forth, and you're looking at a pretty solid claim.

And if you're thinking "but A Scary Adversary could compromise all those services and Keybase itself", consider that an adversary with that much power would also probably have the resources to compromise highly-connected nodes in the web of trust, compromise PKS servers, and falsify real-world identity documents.

I think absolutism in security is counterproductive. Keybase is definitionally less secure than, say, meeting in person and checking that the person has access to all the accounts you expect, which is itself less secure than all of the above and using several forms of biometric identification to rule out what is known as the Face/Off attack.

The fight isn't "people use Keybase" vs "people go to key-signing parties", the fight is "people use Keybase" vs "fuck it crypto is too hard". Those who need the level of security provided by in-person key exchanges still have that option available to them. In fact, it would be nice to see PKS as one of the identity proof backends. But for practical purposes, anything that raises the crypto floor is going to do a lot more good than dickering with the ceiling.

And I don't buy the "don't reinvent crypto" argument at all. Sure, it's a bad idea to use your own password hash instead of bcrypt, but maybe you think you can do better and you end up creating the foundation for Litecoin. A general-case argument against any innovation is a dangerous thing.

With that said, I totally agree about uploading your private key to Keybase. That's one very scary basket to put all your eggs in and I don't trust it at all. Luckily, it's optional.

I think the issue is not so much that a scary adversary could simultaneously hack Twitter, GitHub, etc. - that seems hard. The real problem is that all these services will, in the default configuration (no 2-factor auth), perform password resets via your email account. Thus if you succeed in hacking someone's mail account you can take control of their other accounts and go ahead and verify a new Keybase profile. Unfortunately there's no way to know externally if someone uses 2-factor, so it's hard to judge how meaningful a Keybase profile really is.

The mitigating factors here are:

1) Most "good" services, at least those used by the tech geek community, do support 2SV these days, which would raise the bar somewhat for people who use it, although I suspect several of those services will still unlock 2SV for you if you say you lost your second factor and know enough about the account (Google does).

2) Someone would obviously notice that their passwords had all been reset and could sound the alarm.

But in practice, I think this feels like not much different to just verifying ownership of an email address, which is what CAs already do (and there are PGP CAs if you don't want to use X.509). Comodo will do it for free, it's integrated with the browser via the HTML5 keygen tag, and it takes just a couple of minutes.

Also, the age of the tweet or gist would be a red flag. If the signed gist is 2 years old and hasn't even been modified since, you can pretty safely assume that if the Keybase public key matches the signed message in the gist, nothing nefarious has happened recently.

> If you meet me in person and I say "I'm sgentle", that's a weaker proof than if I post a comment from this account.

That's why (for PGP) you, as an assurer, generally don't upload the signature yourself but send it to the e-mail address the assuree claims to own. The proof that they own that account is that they are able to receive the mail with the signature. They can then publish it themselves.
