create DSA writecaps from a passphrase

[warner]

once we have DSA-based mutable files, the signing keys will be randomly generated. It would be great if there were a way to type in a passphrase (or a list of words, or something memorable but with higher entropy than your normal password) and have tahoe hash that into a writecap. This would enable human-memorable mostly-secure rootcaps.

(this trick only works because mutable files allow us to combine the confidentiality and the integrity into the same bits. For immutable files, this trick wouldn't give you file integrity. OTOH, there might be a use for a half-filecap which is derived from a passphrase and gives you reliability and confidentiality but not integrity).

On the welcome page, next to the box where you can paste in a dircap, should have a box where you can type in a passphrase, and it will hash and redirect you to the corresponding directory.

It might be nice to have a checksum of some sort, so people can tell the difference between misremembering their passphrase and searching for the directory on the wrong grid. Maybe the hashing process could also emit a 2 or 3 digit number, and users would be responsible for recognizing the number ("funny, it can't find my directory, oh but hey the computer usually tells me my checksum is 46 and this time it said 19, let me try retyping that"). Or the number could be expressed with a few goofy words, something easier to remember ("oh hey, it usually says FILIBUSTERING-NARWHAL but this time it said PACIFIST-JACKALOPE, let me try retyping that").

[swillden]

I like this idea. A lot.

I described a vaguely related idea at the end of this mailing list post:

​http://allmydata.org/pipermail/tahoe-dev/2009-August/002697.html