Skip to content

Consider alternative implementation of authentication that does not expose the entry decryption key to the server #23

Description

@boompig

Not sure if this is actually OK in security circles, wondering how security people deal with this problem. The basic problem:

  • The password is used as the encryption key for the entries, and should never be sent to the server. Obviously it's encrypted in transit by TLS, but the server, if malicious, can then read the password and decrypt the entries.
  • How to authenticate a user if their password cannot be sent to the server?

Metadata

Metadata

Assignees

No one assigned

    Labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions