conference logo

Playlist "May Contain Hackers 2022"

Using Passcrow to recover from lost passwords

Bjarni Rúnar Einarsson

Have you ever forgotten a passphrase or lost a hardware token? Lost access to enough Bitcoin to buy a pizza or two? Encryption is fundamental to securing our liberties, but key and password management remain difficult even for professionals, let alone the general public.

This talk presents Passcrow, an Open Source project attempting to address one of crypto's largest usability issues: password and key recovery in a decentralized environment.

Passcrow is a system for community-assisted secure “password escrow”, making it possible to recover from forgetting or losing a key, password or passphrase. Born out of a desire to make strong encryption easier (and safer!) to use for less technical users, the project is in an early stage of development - but code has been published and the system is usable today.

Passcrow is many things: there is an underlying protocol, basic user experience guidelines, a client library for integration with other (Python) apps, an HTTP API server, and a command-line tool for making use of the system by hand. Potential applications include password managers, secure messengers, general purpose encryption tools (including OpenPGP and hard drive encryption) and cryptocurrency wallets.

In this talk, I will discuss the motivation and rationale for the project, demonstrate how the system works and talk about some of the challenges and design decisions we have seen so far.

The purpose of this talk is to solicit feedback and participation from the community; if you are interested in the subject, please come find me afterwards (my base at MCH will be The Quarantine Arms village) and let's have a chat! If you miss the talk, you can read about it at www.passcrow.org.

Passcrow is a spin-off from Mailpile (www.mailpile.is), the secure e-mail client. Passcrow is inspired by Mailpile's experience attempting to make e-mail encryption more usable for less technical users, and will be used in future versions of the app.