Common questions regarding the deterministic by default approach of the GHcloud platform.
- What does deterministic by default mean…?
Private information is never stored anywhere.
- What are device salts…?
By default, the setup of GHcloud guides new users through the process of deterministically generating a device salt. GHcloud then uses compounding encryption through a modular method from within the browser that allows to deploy systems of varying levels of security dependent on the requirements or and the environment. By default, we then use the salt to generate secure deterministic private keys that are not stored anywhere but can be easily recreated inline at the moment they are required.
- What happens if I lose or fail to correctly re-create my salt…?
If you lose your device salt or the browser cache is refreshed, there is always the possibility you could re-create the salt, but if you are unable to remember the details that you used to create the salt, you will probably never be able to recover or re-use the account(s) created with that salt. If you did not make a backup of the private keys, you may lose everything, which is why it is very important you understand the risks.
Backup your SALT. backup your private key(s)!
- But is it safe…?
It is as safe as you make it.
Different use cases often require different forms of solutions. The most important question is really who has access to your private keys? In the case of many web-based services, the service provider is often in control of the private keys. In the case of most software solutions, the keys are usually stored on the corresponding device. Both scenarios involve your private keys being located in a single physical location and if you are lucky, will also be properly encrypted with a password.
GHcloud does not store private keys anywhere.
They are created with compounding encryption using a device salt that prevents random brute force leaving you just as susceptible to theft as your bank account or other personal accounts.
If you are prone to forgetting passwords or are unable or unwilling to manage the recovery functionality yourself, you may be best off with another service. However, please remember that if anyone is ever able to recover the keys for you it means that you do not really control the keys to start with.
- What is compounding encryption…?
Does anyone care?