How safe is passphrase compared to the username and password combination? #22
I am not familiar with software architectures, so I was wondering how safe the passphrase is, compared to the ordinary username and password combination to protect your account? Are Anytype employees able to see/access my data? Do you guys plan to implement username/email and password combination for authentication instead of passphrase in the future?
Hey @ecoholic84, here you can find an article about how we keep data safe. In short, a combination of private and public keys is very secure and does not require an online connection to verify that you are you. Furthermore, this approach does not give the Anytype Team or anyone else who hosts the infrastructure access to your data; only you can decrypt it. You can also delve into technical details about how the infrastructure layer works, including data representation and encryption descriptions.
Just to complement the answer with the implementation details for those who, like me, were wondering, the passphrase is generated from go-bip39, the library used by some famous blockchains to authenticate the wallets, and given the current implementation of Anytype, it generates a 12-word English passphrase out of a dictionary of 2048 words, which means an entropy of about 128 bits, which is just infeasible to brute-force today without prior knowledge about the passphrase. @ecoholic84, the passphrase is therefore very secure as long as your devices are not compromised, which is the claim from the project. I would like to emphasize that it is great that Anytype source code has been opened recently because it allows us to check those kinds of important details.
Also, the passphrase is generated from the middleware here, which also means locally on the end devices, which is what we could expect to keep our data private.
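To make the 12-word / 2048-word / 128-bit relationship from the comment above concrete, here is an added example (not code from Anytype or go-bip39) of the BIP-39 bit layout: 12 words of 11 bits each carry 132 bits, of which 128 are random entropy and 4 are a SHA-256 checksum that catches most mistyped words. The function names are hypothetical, and word indices stand in for the words because the 2048-word list is not embedded.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// EntropyToIndices lays out 128 entropy bits plus a 4-bit checksum (top
// nibble of SHA-256 over the entropy) as 12 indices into a 2048-word list.
func EntropyToIndices(entropy [16]byte) (idx [12]uint16) {
	sum := sha256.Sum256(entropy[:])
	bits := append(entropy[:], sum[0]&0xF0) // 17 bytes, 132 bits used
	for pos := 0; pos < 132; pos++ {
		bit := bits[pos/8] >> (7 - uint(pos%8)) & 1
		idx[pos/11] = idx[pos/11]<<1 | uint16(bit)
	}
	return idx
}

// IndicesToEntropy reverses the layout and rejects a wrong checksum.
func IndicesToEntropy(idx [12]uint16) (entropy [16]byte, err error) {
	var bits [17]byte
	for pos := 0; pos < 132; pos++ {
		w := idx[pos/11]
		if w > 2047 {
			return entropy, errors.New("index outside the 2048-word list")
		}
		if w>>(10-uint(pos%11))&1 == 1 {
			bits[pos/8] |= byte(1) << (7 - uint(pos%8))
		}
	}
	copy(entropy[:], bits[:16])
	if sum := sha256.Sum256(entropy[:]); bits[16] != sum[0]&0xF0 {
		return [16]byte{}, errors.New("checksum mismatch: mistyped or altered word")
	}
	return entropy, nil
}

func main() {
	var e [16]byte // constructed sample: fresh random entropy
	if _, err := rand.Read(e[:]); err != nil {
		panic(err)
	}
	idx := EntropyToIndices(e)
	_, err := IndicesToEntropy(idx)
	fmt.Println("word indices:", idx, "checksum error:", err)
}
```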