0

When deriving a private key from a password, will the resulting secret key be any weaker if the user email is included in the function input? Meaning, user email concatenated with the user password.

I'm using scrypt for key derivation, with libsodium in the browser and on the server.

rm.rf.etc
  • Emails are public, and passwords are easy to guess. That makes the key only as strong as the password. – schroeder Nov 22 '19 at 21:30
  • Yes. This is what I expected people would say. So a sufficiently complex password will make for a secure key, in this case, correct? And I take it that including the email in the key doesn't increase the crackability of the key in any way. – rm.rf.etc Nov 22 '19 at 23:00
  • You are saying a mouthful when you say "sufficiently complex password". Keys are normally derived from random number generators, so the more random the password is, the closer you get to a typical key. – schroeder Nov 23 '19 at 00:54
  • You also use the term "secure" without defining it, which will make it difficult to answer. "Secure" from what? For what purpose? In what context? – schroeder Nov 23 '19 at 00:56
  • I'm simply asking if including the email with the password when making a derived key, does anything to weaken the key, as compared to deriving the key from the password alone. – rm.rf.etc Nov 23 '19 at 01:23
  • Ah, that subtlety is not in your question: "does *adding* the email weaken the key". Can you edit your question to add it? – schroeder Nov 23 '19 at 09:56
  • @schroeder okay, I updated it – rm.rf.etc Dec 11 '19 at 19:47

2 Answers

0

I would recommend using a more established system. If you would like, gpg could definitely be used as it allows for distributed identities, provides email correlation, and is far more secure than you trying to build your own home grown solution.

Connor Peoples
  • NaCl sounds like a better option. https://news.ycombinator.com/item?id=10281301 I wouldn't say that I'm trying to build a home grown solution, I'm simply asking about deriving a key. I don't think this answer addresses the question at all. Even if I switch to GPG, I would still have the same question. – rm.rf.etc Nov 23 '19 at 20:44
0

Adding the email to the key generation does not increase the security at all, because the email is public information. Even if it isn't really public, it's possible to guess most emails, find them on other sites, in leaked credential dumps, and so on.

What increases a key's security is entropy. And emails have little entropy. And if the email is part of a leaked dump, it adds zero entropy. So if the user email leaked from an attack on another provider or service, even This_Email-Is.So+Long=And#Random!Nobody%Will/Guess@random-unknown-domain.tech adds no security.

If possible, don't let the user have any input on the key generation. Taking user input makes keys insecure, the same way users choosing passwords will (most of the time) result in insecure passwords.

That's why programs with high security requirements (like crypto wallets) ask users to randomly type things and move the mouse around: they are collecting randomness. They don't trust the user to add their own information, and don't trust even the random number generator from the OS.

ThoriumBR
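
The derivation the question describes, as an added example that is not part of the original posts: it uses Node's built-in `crypto.scryptSync` in place of libsodium's scrypt binding so it runs without dependencies, and the cost parameters, salts, label, accounts and helper names are all constructed for illustration. It compares plain `email + password` concatenation with feeding a hash of the email in as the scrypt salt, and shows that concatenation lets two different (email, password) pairs collapse into the same input string.

```javascript
const { scryptSync, createHash } = require("node:crypto");

// Constructed cost parameters for this example, not taken from the post.
const PARAMS = { N: 2 ** 14, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };
const KEY_LEN = 32;
const FIXED_SALT = Buffer.alloc(32, 0x2a); // constructed placeholder salt

// The scheme from the question: email concatenated with the password.
function deriveConcat(email, password) {
  return scryptSync(Buffer.from(email + password, "utf8"), FIXED_SALT, KEY_LEN, PARAMS);
}

// Alternative: hash the email into a fixed-length salt, so the email and
// the password never share one byte string.
// Lower-casing the address is an assumption about how accounts are matched.
function emailSalt(email) {
  return createHash("sha256")
    .update("example-kdf-salt-v1\0") // constructed domain-separation label
    .update(email.trim().toLowerCase(), "utf8")
    .digest();
}

function deriveSalted(email, password) {
  const pw = Buffer.from(password.normalize("NFKC"), "utf8");
  return scryptSync(pw, emailSalt(email), KEY_LEN, PARAMS);
}

// Runs both schemes over constructed sample accounts.
function demo() {
  const hex = (buf) => buf.toString("hex");
  return {
    // Same password, different email: the keys differ in both schemes.
    concatDiffers: hex(deriveConcat("alice@example.com", "hunter2")) !==
                   hex(deriveConcat("bob@example.com", "hunter2")),
    saltedDiffers: hex(deriveSalted("alice@example.com", "hunter2")) !==
                   hex(deriveSalted("bob@example.com", "hunter2")),
    // Boundary ambiguity: two different pairs, one concatenated string.
    concatCollides: hex(deriveConcat("alice@example.com", "123secret")) ===
                    hex(deriveConcat("alice@example.co", "m123secret")),
    saltedCollides: hex(deriveSalted("alice@example.com", "123secret")) ===
                    hex(deriveSalted("alice@example.co", "m123secret")),
  };
}

console.log(demo());
```

In both schemes the password is the only secret input; the email only changes which key a given password maps to.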