-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Reset lost password #379
Comments
Here's a solution that's not too painful. For every device in the devices table:
We'll need to do this on PW change, and on device provisioning. Now, a device with an unlocked DH key can change PWs without knowing the previous PW. All it needs to do is to decrypt the encryption above and XOR into the mask. The previous PW is no longer required. |
Also see #184, in which a slightly different solution was proposed. The only question is whether or not to rely on KBFS to recover. |
Let's not rely on KBFS to recover, since that won't be ready until milestone 2. |
Some related issues:
|
Client work needed here:
|
The client side of this should be all finished as of a9cc312 |
(Except for new detkey uploads, which is blocked on keybase/keybase#260) |
Leave keybase/keybase#243 for future work, but close this out. |
So let's say a user forgets their password. Here are the things that are no longer accessible:
The biggest problem I foresee if how to handle device keys behind LKS after the password is reset on another device without LKS (like the phone). Those keys are now not accessible. What should happen is:
In addition to the hairy LKS problem, we of course need to resolve the detkey and password hash problems. That would have to be done by whatever device is resetting the password. BTW, password reset can happen with any provisioned device key. So it is likely to happen on a mobile phone that doesn't have LKS-style key locking.
All of this is a ton of work, it makes the case for keeping secret keys in plaintext. The users who really care will likely have encrypted home directories. Those who don't will be susceptible to their devices being seized and no way to disable file access.
The text was updated successfully, but these errors were encountered: