On Wed, Mar 12, 2014 at 4:08 PM, Jean-Paul Kogelman <jeanpaulkogelman@me.com> wrote:

> Agreed, this is a valid concern. This could possibly allow a 3rd party to crack the password, but then again, they would not gain access to any key material. So yes, you could expose your password, but your key would still be safe.
>
> If people feel strongly about this vulnerability, we can revisit step 4 and adjust it to make password recovery more expensive.


Just to clarify on J.P.'s comments:

*If* you choose to outsource StrongH calculation, and *If* that machine is compromised, then the security of your password is reduced to a single round of salted PBKDF2-HMAC-SHA512. Your private key remains on the trusted device, no matter what.

Regrettable, but not catastrophic.

Will
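
The trade-off described in this message, as an added example that is not part of the original thread or the proposal's own code: it measures the per-guess cost of checking a password against a leaked StrongH output versus against the value a compromised helper machine receives. The function names, the 20,000-round PBKDF2 stand-in for StrongH, the assumption that the helper also knows the salt, and the sample password and salt are all assumptions made for illustration.

```python
import hashlib
import hmac
import time

STRONG_ROUNDS = 20_000  # assumed cost of the outsourced step; not a value from the thread


def pre_h(password: bytes, salt: bytes) -> bytes:
    """Single round of salted PBKDF2-HMAC-SHA512, computed on the trusted device."""
    return hashlib.pbkdf2_hmac("sha512", password, salt, 1)


def strong_h(pre: bytes, salt: bytes) -> bytes:
    """Stand-in for the expensive StrongH step that may be outsourced (assumed form)."""
    return hashlib.pbkdf2_hmac("sha512", pre, salt, STRONG_ROUNDS)


def matches_pre_h(guess: bytes, salt: bytes, observed: bytes) -> bool:
    """Check a guess against the value the helper machine is handed: one round."""
    return hmac.compare_digest(pre_h(guess, salt), observed)


def matches_strong_h(guess: bytes, salt: bytes, observed: bytes) -> bool:
    """Check a guess against the StrongH output: one round plus the full StrongH."""
    return hmac.compare_digest(strong_h(pre_h(guess, salt), salt), observed)


def seconds_per_check(check, salt: bytes, observed: bytes, trials: int = 5) -> float:
    """Average wall-clock time of one guess verification (constructed guesses)."""
    start = time.perf_counter()
    for i in range(trials):
        check(b"constructed-guess-%d" % i, salt, observed)
    return (time.perf_counter() - start) / trials


def per_guess_cost(password: bytes, salt: bytes):
    """Return (seconds per guess vs. StrongH output, seconds per guess vs. helper input)."""
    pre = pre_h(password, salt)
    strong = strong_h(pre, salt)
    return (seconds_per_check(matches_strong_h, salt, strong),
            seconds_per_check(matches_pre_h, salt, pre))


if __name__ == "__main__":
    slow, fast = per_guess_cost(b"constructed password", b"constructed-salt")
    print(f"vs StrongH output: {slow:.6f} s/guess")
    print(f"vs helper input:   {fast:.6f} s/guess ({slow / fast:.0f}x cheaper)")
```

Neither value in this sketch is key material; the private key never appears in the derivation the helper sees, which matches the point that only the password's work factor is lost.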