matrix rant 

Dear #matrix developers. Riot lets me know that "sessions" are not "trusted" as a reason why encryption fails. What about letting me know what "sessions" and "trusted" means first? 😖

@mray or that if I verify a device on my phone, I want it verified on my desktop too. Don't need to verify on every device I own.

@ted you are brave to even go that far, I guess they kind of lost me with the whole thing of "Export your keys with a new password *right now* or lose all encrypted chat by signing out."I can only look forward to them making progress on the #UX in that regard…

@mray yeah, I honestly thought exporting my keys would allow me to verify between devices. Nope.

@ted @mray the keys exported there are just the message keys, not the device keys or the trust store

@jcgruenhage yes, I understand that now, it wasn't clear to me at the time.

The dialogs and the messaging need to be refined, user tested, and refined some more.

@mray @ted The UX around crypto is a bit weird, yes. Not warning that keys will be lost when signing out would be worse though, right?

@jcgruenhage yes, but it isn't clear to me why you need two passwords for that. It seems like it could be encrypted with your primary password.

Certainly more secure users should be able to split them, but by default, that's as secure as similar apps.

@ted you need two passwords for that because they are treated differently. The login password is sent to the server in clear text, where it is compared with the hash stored in the database. The key storage password is used to derive a key for encryption locally, so that password is never sent to the server. There are ways to get around this if your matrix server is handling authentication directly, but if it's authenticating users against a backend like LDAP, there have to be two.

@jcgruenhage wait, why isn't it hashed locally and then sent to the server to compare the hash?

@ted because then you could authenticate as any user when a database leak happens. This way, you need to know the password directly. You could of course handle this as a two-layer system, hashing the hash, that would be one of the possible ways around it, but that doesn't work if you have something like LDAP sitting there.

@ted (Not hashing it locally is pretty standard though, this is not matrix specific.)
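The two password paths discussed in the posts above, as an added example that is not part of this thread and not Matrix's or Riot's own code: the login password is verified by the server against a salted hash, the key-export passphrase only ever derives a key locally, and a naive "hash on the client, compare on the server" scheme is shown beside the two-layer variant so the database-leak problem is concrete. The hash functions, PBKDF2 iteration counts, salt sizes and function names are illustrative assumptions, not the scheme any Matrix implementation uses.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Assumed parameters for this example only (not Matrix's or Riot's actual scheme).
PBKDF2_ITERS = 100_000


# --- Login password: sent to the server (over TLS), hashed and checked there ---
def server_store(password: str) -> dict:
    """Server-side record: salted PBKDF2 digest of the plaintext password."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERS)
    return {"salt": salt, "digest": digest}


def server_verify(record: dict, submitted_password: str) -> bool:
    """The client sends the password itself; the server re-derives and compares."""
    candidate = hashlib.pbkdf2_hmac("sha256", submitted_password.encode(),
                                    record["salt"], PBKDF2_ITERS)
    return hmac.compare_digest(candidate, record["digest"])


# --- Naive alternative: client hashes, server stores and compares that hash ---
def client_hash(password: str) -> str:
    return hashlib.sha256(password.encode()).hexdigest()


def naive_store(password: str) -> dict:
    return {"digest": client_hash(password)}


def naive_verify(record: dict, submitted: str) -> bool:
    # The stored value is exactly what a client has to send, so a leaked
    # record is a working credential by itself; no cracking is needed.
    return hmac.compare_digest(record["digest"], submitted)


# --- Two-layer variant: client hashes, server salts and hashes that hash ---
def two_layer_store(password: str) -> dict:
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", client_hash(password).encode(),
                                 salt, PBKDF2_ITERS)
    return {"salt": salt, "digest": digest}


def two_layer_verify(record: dict, submitted_client_hash: str) -> bool:
    # Caveat from the thread: a backend such as LDAP needs the plaintext
    # password to bind, so neither client-side-hashing variant works there.
    candidate = hashlib.pbkdf2_hmac("sha256", submitted_client_hash.encode(),
                                    record["salt"], PBKDF2_ITERS)
    return hmac.compare_digest(candidate, record["digest"])


# --- Key-export passphrase: derives a local key and never leaves the client ---
def derive_export_key(passphrase: str, salt: Optional[bytes] = None,
                      iterations: int = 500_000) -> Tuple[bytes, bytes]:
    """Return (salt, 32-byte key) used to encrypt the exported message keys."""
    if salt is None:
        salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha512", passphrase.encode(), salt,
                              iterations, dklen=32)
    return salt, key


def leaked_record_replays(scheme: str, password: str = "correct horse") -> bool:
    """Does a copied database record log in on its own? True means vulnerable."""
    if scheme == "server":
        rec = server_store(password)
        return server_verify(rec, rec["digest"].hex())
    if scheme == "naive":
        rec = naive_store(password)
        return naive_verify(rec, rec["digest"])
    if scheme == "two_layer":
        rec = two_layer_store(password)
        return two_layer_verify(rec, rec["digest"].hex())
    raise ValueError(f"unknown scheme: {scheme}")


if __name__ == "__main__":
    for scheme in ("server", "naive", "two_layer"):
        print(f"{scheme:10s} leaked record replays: {leaked_record_replays(scheme)}")
    salt, key = derive_export_key("export-passphrase")
    print("local export key (stays on the client):", key.hex())
```

Running the block prints `naive` as the only scheme where a copied record replays. The two-layer variant removes that problem but still requires the server to see something derived on the client, which is why a plaintext-bind backend like LDAP rules it out; the export passphrase path is separate precisely because its derived key must never be sent anywhere.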

@jcgruenhage ah, I see. Hadn't considered that attack.

Seems like you could still use the same password for both though. I imagine the plain text password isn't stored locally, just used to get a token. So both the keys and the password wouldn't be stored next to each other.

Certainly, less secure, but I'm not sure the usability tradeoff for the increased security is good here.

@ted @mray that is being worked on. It's not quite done yet, but getting very close.
