Not sure if this is actually OK in security circles, wondering how security people deal with this problem. The basic problem:
- The password is used as the encryption key for the entries, and should never be sent to the server. Obviously it's encrypted in transit by TLS, but the server, if malicious, can then read the password and decrypt the entries.
- How to authenticate a user if their password cannot be sent to the server?
Not sure if this is actually OK in security circles, wondering how security people deal with this problem. The basic problem: