Comments URL: https://news.ycombinator.com/item?id=41501103

Points: 2

# Comments: 1

2. How is the email address encrypted? Why would an attacker need a stored hash? In a database leak situation it's possible to get to the data with only a valid email-password combination or am I missing something ? There is no information from a registered device necessary for the decryption right ?

Although I'm not a security expert, I have some worries about your security concept.

1. When the user wants to change the password, all photos&videos have to be reencrypted and uploaded which is absurd for most people because ~100GB of photo-storage is not an exception these days anymore.

2. When your database is leaked, it is very easy to compare with leaked passwords, putting users with reused passwords in great risk.

My proposal:

Masterkey: Random key encrypted with users password

Device A creates a masterkey and short-living rolling keys. Device B creates private/pub keys. If the user wants to add another device (B), he has to enter the current rolling key (from A). Device B sends its public key to Device A, encrypted with rolling key. Device A sends back masterkey encrypted with Device B public key.

en/decryption-key = masterkey decrypted with users password

With this method a database leak would be much less of a problem and a password change much less painful.