Yes, Encryptr and Crypton (the framework and server) are both fully open, in that you can run with your own server. SpiderOak also provides a public free server. https://github.com/SpiderOak/crypton - Erin @ SpiderOak
SpiderOak started using the term Zero Knowledge commercially back in 2007, in an attempt to explain the benefits of End-to-End Encryption to customers in a market where most participants were making wildly misleading claims. At the time, Mozy and Carbonite were referring to their systems as fully encrypted, even though all they did was transport encryption, or encryption of content and not filenames and folder names. These days, the term seems to make sense to at least the portion of customers who aren't crypto academics. - Erin @ SpiderOak
The "non-problem" of a biased PRNG is that you get reduced entropy in your generated passwords, thus reducing security.
The "flaw" in the pull request was fixed in a later commit (by switching to Uint8Array instead of Uint32Array), and then it was ignored by the SpiderOak team.
Selecting one of 84 characters purely randomly gives you 6.3923174227787602763 bits of entropy.
Selecting one of 84 characters by using modulus on a 32 bit random number gives you 6.3923174227787602889 bits of entropy.
It is a bug, but it is absolutely a non-problem. The difference you would get from using 83 or 85 characters is many orders of magnitude larger; this is not something that needs such an enormous level of precision.
Considering how tiny the bias is along with the added complexity of the solution (in a chaotic language like Javascript, no less), I'd say the SpiderOak people are not crazy for not having accepted it. There would be somewhat of an argument here if the original was reducing random bytes modulo 84. As it is, this is almost like dinging EdDSA for doing a similar thing: reducing a 512-bit number modulo a 252-bit integer instead of doing the 'proper' procedure.
> I'd say the SpiderOak people are not crazy for not having accepted it.
They didn't simply not accept it.
They tossed one bit of feedback my way, which I addressed in a follow-up commit, and then they neglected to do anything further. No discussion, no rejection, etc.
If they wanted to reject it because of complexity concerns, I would have been fine with that. At least it would have been some sort of closure, and I wouldn't feel like the person I replied to originally about this project being inactive. If it turns out that they're actually still planning to develop it further, I'm happy to be proven wrong about that.
Today, 'dchest wrote a superseding PR that solves the problem while maintaining a very small code diff, and I'd prefer his solution over my own. (I have no ego about my JavaScript coding skills. There are tens of millions of people who can do it better than me.)
Thank you for your interest and efforts to contribute to the project.
I think there were some questions about your patch that you did not answer, and reviewers moved to other projects. Honestly we felt overall the patch was low quality. Certainly the serious error in the first version of the patch which dramatically added bios didn't help. In general we had already completed auditing the selection approach taken by the existing password generation code and did not want to consider a different approach for little benefit.
The password generator gets 32 bit random values and then does modulus 84 to pick characters. There is a bias, but it has as much entropy as a perfect generator choosing out of 83.999999999999999 characters.
Edit: The question in my mind is whether it was oversight or intentional simplicity. The first is a bad sign, the second isn't a big deal.
For people to give a crap about FOSS crypto, you need the audits, and there's just not that much information out there. Audits are pricy and a great way to prematurely age a developer team, but the alternative is "looks OK" crypto code like the Debian SSL debacle.
Crypton's definitely an effort at all-cards-on-the-table corporate-sponsored FOSS, and this includes the project itself and not just the code.
