
Can somebody explain the difference between NaCl and PGP and why I want device-specific NaCl keys instead of device-specific PGP keys?



I didn't design this so I can't say for certain, but from reading their post there are a couple of benefits that NaCl confers over PGP for generating per-device keys.

The most important benefit is probably that NaCl keys are 256-bit keys based on ECC (specifically, Curve25519), which means these keys are stronger, faster, and actually more secure than the strongest keys commonly used in PGP (4096-bit RSA keys). Critically, they are much smaller and therefore easier to communicate between people/devices.

While their ideal workflow is to communicate keys by scanning QR codes, they currently need an alternative workflow to communicate keys between desktops (and will always need an alternative for users who can't scan QR codes for whatever reason). The "Paper keys" section of the blog post discusses this at length, and shows an example of a Paper Key:

"death punch correct staple battery horse clearly cherry picked words yeah moo car lisp"

They are probably generating this (Diceware-esque) string by splitting the 256-bit key into n-bit segments, using each n-bit segment as an index into an array of words, and then joining the words to form a "sentence" that encodes the value of the key.

14 words is already pretty unwieldy, as they acknowledge in the blog post. Imagine how bad it would be if you had to encode 4096 bits instead of just 256!

That was probably the most important motivation for Keybase to use them. Other motivations may have included:

* ECC is generally considered more future-proof than RSA

* NaCl is a small library and therefore is probably easier to incorporate into a variety of clients rather than the behemoth that is GPG/libgcrypt.

* NaCl is the new hotness, PGP is old and busted
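
The packing scheme guessed at in the comment above (split the key into fixed-width n-bit segments, use each segment as an index into a 2^n-entry word list, join the words) is small enough to show end to end. The following is an added example, not Keybase's code and not the word list Keybase uses; the 2048-entry list here is a constructed placeholder of consonant-vowel-consonant strings, chosen only because 2048 = 2^11 gives a clean 11 bits per word. It also makes the size argument concrete: with 11 bits per word a 256-bit key needs 24 words and a 4096-bit key needs 373, and the decoder rejects sentences with a missing word, an unknown word, or non-zero padding bits.

```python
"""Encode a raw key as a Diceware-style word sentence and decode it back.

Added example for the scheme described in the comment: n-bit segments of the
key index a 2**n-entry word list. The word list is a constructed placeholder,
not Keybase's real list.
"""
import secrets
from itertools import product

# Constructed placeholder word list: 16 onsets x 8 vowels x 16 codas = 2048
# distinct strings, i.e. 11 bits per word. Not a real Diceware/BIP39 list.
_ONSETS = list("bdfgklmnprstvzjh")
_VOWELS = ["a", "e", "i", "o", "u", "ai", "ee", "oo"]
_CODAS = list("bdfgklmnprstvzxy")
WORDLIST = [o + v + c for o, v, c in product(_ONSETS, _VOWELS, _CODAS)]


def bits_per_word(wordlist):
    """Return n such that len(wordlist) == 2**n; reject other list sizes."""
    n = len(wordlist).bit_length() - 1
    if len(wordlist) != 1 << n:
        raise ValueError("word list length must be a power of two")
    return n


def words_needed(key_bits, n):
    """Number of n-bit words needed to cover key_bits bits (last word is padded)."""
    return -(-key_bits // n)  # ceiling division


def key_to_words(key, wordlist):
    """Split key into n-bit segments (MSB first) and map each to a word."""
    n = bits_per_word(wordlist)
    count = words_needed(len(key) * 8, n)
    pad = count * n - len(key) * 8          # zero bits appended to fill the last word
    value = int.from_bytes(key, "big") << pad
    mask = (1 << n) - 1
    return [wordlist[(value >> ((count - 1 - i) * n)) & mask] for i in range(count)]


def words_to_key(words, wordlist, key_len):
    """Inverse of key_to_words for a key of key_len bytes; checks the padding bits."""
    n = bits_per_word(wordlist)
    index = {w: i for i, w in enumerate(wordlist)}
    if len(words) != words_needed(key_len * 8, n):
        raise ValueError("wrong number of words for a %d-byte key" % key_len)
    value = 0
    for w in words:
        if w not in index:
            raise ValueError("unknown word: %r" % w)
        value = (value << n) | index[w]
    pad = len(words) * n - key_len * 8
    if value & ((1 << pad) - 1):
        raise ValueError("non-zero padding bits: sentence is corrupt")
    return (value >> pad).to_bytes(key_len, "big")


def is_valid_paper_key(words, wordlist, key_len):
    """True if the sentence decodes cleanly to a key_len-byte key."""
    try:
        words_to_key(words, wordlist, key_len)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    key = secrets.token_bytes(32)              # a 256-bit, NaCl-sized secret
    sentence = key_to_words(key, WORDLIST)
    print(" ".join(sentence))
    assert words_to_key(sentence, WORDLIST, 32) == key
    # The size argument from the comment, at 11 bits per word:
    print("256-bit key:", words_needed(256, 11), "words")
    print("4096-bit key:", words_needed(4096, 11), "words")
```

The padding check matters in practice: because 256 is not a multiple of 11, the last word carries 8 bits that must be zero, which gives the decoder a cheap way to catch a mistyped final word. A real scheme would add an explicit checksum on top of that, since a typo in any other word still decodes to a valid-looking but wrong key.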


PGP may not support ECC, but then again, who the hell uses PGP over GnuPG?

https://www.gnupg.org/faq/whats-new-in-2.1.html#ecc


Well, traditional PGP key-management software expects exactly one key per identity, so using per-device PGP keys would establish each device as a separate identity. This is not what you want. I'm not an expert, but I'm sure there are other good reasons.


The user identifier for PGP keys is the User-ID (name and email address), and you can have any number of PGP keys for one. GnuPG lets you search for a User-ID (or part thereof) with --list-key, the same is true for key servers. Each key can sign each other's identifier. What do you think is missing?



