The ship has sailed on this term of art, but as a native English speaker, I agree with you that it's ungrammatical. I would use a hyphen, though: "physics-based." This answer agrees with you (and me): https://english.stackexchange.com/a/428679.
Here's one way to think about _why_ it sounds wrong. "Physically based" would mean that "physically" is the answer to the question "How is it based?" To a native English speaker, that question sounds odd. A more natural question is "What is it based on?" To answer that question, you need a noun: "It's based on physics." Hence the construct "physics-based," like "evidence-based medicine" or "merit-based scholarships."
Jeez you're right, how could I have overlooked the cheese?! I thought it was even worse than it is, assuming you're supposed to associate the camera with someone taking a picture and saying "cheese".
That experiment shows that whatever is stored on ProtonMail's servers plus your password is sufficient to decrypt your emails. This could be explained by the private key being derived from or encrypted with your password. ProtonMail's documentation says it's the latter (https://protonmail.com/support/knowledge-base/how-is-the-pri...):
> Your ProtonMail private key is generated in your browser. Before sending the private key to the server for storage, we encrypt it with your password (or mailbox password if you use two-password mode). This ensures that you and only you can use your private key.
Of course, there are other threats to worry about, such as ProtonMail changing their client-side JavaScript to exfiltrate your password. But the system as they've documented it does not appear to have any way to decrypt your email server-side short of guessing your password.
The most likely attacker against proton mail are various law enforcement or intelligence agencies.
Such agency can force PM to modify login process to derive password from submitted form, or to just switch private keys for non-encrypred ones, because the user won't even notice it.
Truly secure entity just wouldn't have private keys on a server at all. Users would have to go through an an uncomfortable process of generating and uploading keys to clients, but they would be truly safe.
To sum it up, you can't really have security and convenience at once. besides skipping a proper key management process, PM also mail skips such important steps as verification of email partner identify and key verification, so you have to trust PM that you are really talking to a person you think you are talking.
> Truly secure entity just wouldn't have private keys on a server at all.
They don't. They have your encrypted private key, but there's no need to keep that secret. (The decryption key is derived from your password, so the password needs to be strong and secret.)
> Such agency can force PM to modify login process to derive password from submitted form, or to just switch private keys for non-encrypred ones, because the user won't even notice it.
Yes, definitely. It's hard to trust self-updating software (like JavaScript in the browser), particularly if you're concerned about targeted attacks. But creating your own private keys and then entering them in the browser wouldn't help you at all against that sort of attack. You would instead need a different type of client that could be trusted somehow not to leak your private key.
It's not uncommon for services like this to offer a downloadable version of the web client so you can pin a version and audit the code as needed. I think maybe https://github.com/ProtonMail/WebClient is that for ProtonMail? If so, you should be able to verify that code and then use that. The fact that an encrypted copy of your private key will live on ProtonMail's servers shouldn't bother you.
YOU make a poor argument. All email correspondence with external servers (I believe it to be 90+ percent of all correspondence) is not encrypted at all, and the rest is bypassable if Protonmail wants or forced to decrypt it. This is just a security theater.
True security is when the provider can't decrypt anything under all circumstances, even under coercion.
It's worse than that. They could just throw away all the sales from this contract, since it's not connected to anything.
They also failed to verify source code for the contract: https://etherscan.io/address/0x3c7767011C443EfeF2187cf1F2a4c..., and the source code on GitHub is missing a file ("Ownable.sol"), making it difficult for anyone else to verify what source code is actually running.
I suppose the lack of verified source code doesn't matter, given my first point. People who are buying are placing a lot of trust in the "Fuel Bros Innovation Team."
Assuming the 128-bit IV is indeed randomly chosen, after encrypting a trillion blocks, you would have roughly a 1.5E-15 (on the order of a quadrillionth) chance of hitting a collision.
Unless I'm mistaken, even if you hit that one-in-a-quadrillion lottery, the result is that the two blocks encrypted with the same IV are more crackable (because you can XOR them together), not that the key itself is easier to obtain, right? (My understanding is that AES is resistant to known-plaintext attacks.)
You've given a clear, easy to understand example of something, and you've told people that this something is a zero-knowledge proof.
Anyone who doesn't know what a zero-knowledge proof is will give you positive feedback, because they had an easy time understanding the example you presented.
People who do know what a zero-knowledge proof is will correctly point out that the thing you described is not a zero-knowledge proof.
I think this explains the gap you're seeing between the feedback here and the feedback in "less technical forums." It's difficult to come up with real-world examples of zero-knowledge proofs, but there are two good examples on Wikipedia and one here (the "Where's Waldo?" example).
Engineering Manager at Dropbox here. Sorry for the confusion! This is an error on that page, presumably some miscommunication between groups at Dropbox. 2FA continues to be an available feature for all Dropbox users. The only difference between plans is that team plans allow administrators to require 2FA for all members of the team. That page will get updated soon to explain that feature properly.
Just to close the loop here, we’ve updated the page to include a checkmark for 2FA in the Pro column too. Again, all account types can use 2FA (and we recommend that they do!), and teams can additionally require 2FA for all their members.
I'm not 100% sure what that is about, but I'm pretty sure it relates to new functionality for migrating data from existing file servers.
The API at https://www.dropbox.com/developers works for all account types. (Note that there are endpoints specific to team accounts when the functionality only makes sense there, like methods to add or remove members from a team, etc.)
