Atakama File Encryption

[samuel-lucas6]

@earonesty I'm opening this because there's no discussion for #77. Here's a copy of the PR comment written by @earonesty:

Description

Hi, I'm the CTO at Atakama. We've spent the last few years developing frictionless, password-less multifactor encryption software. We use a secure DKG to generate a multifactor public/private key pair on the secp256k1 curve, and then use ECIES/AES/HMAC to encrypt files on a mounted drive. It's free to use, and we have an enterprise version to pay for development

It's great for people that want the protections of encryption, but also want a convenient UX, and don't want more passwords to manage or remember.

It also provides serious malware protection, since files are not decrypted until they are in-use. No keylogging can steal your master key - because it doesn't exist, etc.

It's step up, and I really would like your opinion on it.

[samuel-lucas6]

I have a few general concerns about this without even looking into things in detail:

1. It doesn't appear to be open source.
2. It requires an internet connection or Bluetooth.
3. The Technical Overview is not equivalent to a whitepaper or detailed documentation. It's also hidden away at the bottom of the FAQ page rather than being a separate page.
4. Although passwords aren't perfect, I would argue this solution is worse. It sounds like all this is doing is shifting the process to pressing a button on your phone, and it's a lot easier to compromise a phone than a high entropy password.
5. Half of the features require a subscription.
6. The website uses language like 'military-grade encryption'.
7. Do people really like using their phone to interact with things on their desktop? I sure don't. I even access 2FA codes on my desktop.
8. This seems to be more targetted towards businesses than individuals.

Therefore, I don't think this should be recommended.

[dngray]

It's worth noting they've pulled their MacOS and Linux versions anyway.