Non Goals

Traffic analysis

If there is a party that monitors your network connection, they learn
who you communicate with and which web sites you visit. They won’t
learn about the contents of your message. This is traffic analysis.

Eccentric Authentication does not provide any protection against
traffic analysis. There are good tools to protect against this. Check
out Tor. It goes very well with Eccentric Authentication.

Host security

The Eccentric Authentication protocol uses cryptography in all its
operations. The cryptographic private keys it uses are too big to be
remembered by humans. And we expect you to have as many of these keys
as you have passwords at web sites, probably more, as keys are easier
than passwords.

The protocol relies on your computer to keep these private keys safe, so no
one but you can use them. Just like you rely on your computer to keep
your passwords safe in a password manager.

There are good designs for secure operating systems that are much
better at keeping you safe against viruses, malware and spying
toolbars. Even without Eccentric Authentication, it’s worth checking
out Genode.

Backup

As we wrote above, the private keys must stay private. If you lose a
key, you lose that account. There is no recovery mechanism in the
protocol to recover a lost private key. No link to reset a
password. If there were a recovery mechanism, it would be ripe for
abuse, just like password recovery mechanisms are abused.

So you need to make backups of all your private keys. That backup must
be secure too. Dropbox, Skydrive or Google Drive are not suitable, as
they store your keys in the clear, i.e., you would be giving all your
private keys to them. Better not.

We recommend Tahoe-LAFS storage. It offers
multiple redundant storage. With it you can share your keys between
your desktop, laptop, tablet, phone and car if you wish. Secure and easy.