1. 8

  2. 1

    Hmm, I’ve done some password storage work before. This looks interesting!

    Although, I don’t think there’s a fundamental issue with the design of Horcrux, I’m surprised that nowhere in the code/paper you mentioned host verification on TLS using the TCB, or authenticate with the share servers for that matter. This feels like it could be easily spoofed by a malicious attacker.

    Along the same lines, consider that one possible problem with secret sharing (specifically, Shamir’s), is that a malicious attacker could derive malicious shares to infer information about the secret. You can read some about it on section 2 of this paper (I won’t dive into the specifics of how this applies to horcrux, but it’s worth diving into).

    Good luck! (of course, I’m assuming the author posted this).

    1. [Comment from banned user removed]

      1. 1

        The inventors of using symbolic names for machine code instructions solved programming. Unless somebody comes up with something somehow superior to that, they are just wasting their time, and everyone else’s.

        1. 1

          They lost me at “Firefox addon”.

          Why at that in particular? (Firefox dev here)

          1. 1

            For one, this design means you can only log into sites using Firefox. I like Firefox, but I’m not ready for that kind of commitment.