Key-base adds end-to-end encryption to messages on the web

By Prempal Singh 0 Comment June 1, 2017  aes, aes encryption, best encryption, bitlocker, bitlocker encryption, data encryption, disk encryption, drive encryption, email encryption, encrypt, encryption android, encryption decryption.encryption algorithm, encryption key, file encryption, java encryption, mac encryption, password encryption, pgp, pgp encryption, RSA, rsa encryption, what is encryption, windows encryption

Is usually Keybase the public key encryption platform that security expert have been waiting around for?

Easy methods to kicking around in slow-burning development for three years, where it has released a website, desktop software (Windows, Mac, Linux), mobile (Android, iOS) and chat apps. The previous week came a file format to embed Keybase in the Chrome browser.

If perhaps this sounds like a regular messaging software mashup, what underpins Keybase is actually much more daring and, possibly, important – which is why we’re authoring it.

Keybase can be explained as a process for users to generate a general public encryption key (or publish their own existing ones) to verify their online identity with a high level of certainty.

If this sounds a little bit arcane, identification is the fundamental problem that lies at the root of many of security’s woes, nobody has in whatever way of knowing someone is who they say they are and thus must proceed established on risky assumptions.

General public key cryptography has attempted to solve this by using either a structure of trust (ie, records verified by an authority) or a “web of trust” (ie a network of users who certify for each and every other), the second option an idea made famous PGP, Phil Zimmermann’s security software.

Web of trust sounds intriguing but converted out to be complicated, that is why Keybase wants to reprise the idea – minus the hard corners.

Users verify their general public key in Keybase through Twitter, Facebook, GitHub, Reddit, or Hacker News, each one boosting verification, a lot more the merrier. A hacker wanting to impersonate someone by using a fake key would appear against a wall structure.

Keybase wants to build security applications on top of this. With the new Chrome file format loaded, a blue button appears on the users of each registered service (such as Twitter) which allows Keybase users to DM each another with end-to-end security.

For now, Keybase remains a piece in progress. Marketing and records aren’t great for a company that a new $10. 8m funding round in 2015, perhaps as it doesn’t want an influx at this stage.

Keybase might just be attempting to build a collection of security functions that popularize public key security, or it may be trying to create a bigger program that could be used in a number of ways by a third-parties. It’s not yet clear.

The biggest challenge will be to get users engaged in a world where some of what Keybase does is already covered, albeit imperfectly, by software such as WhatsApp. Verification, identify and public-private keys are all perfectly but most users miss their significance – or don’t care. Two years ago, PGP struggled to break to similar reasons. Security can’t afford record to repeat itself.

Source: nakedsecurity.sophos.com