Skip to content
This repository has been archived by the owner on Jun 12, 2024. It is now read-only.

Extension: Counterintuitive backup/restore flows using "backup code" #353

Open
adon-at-work opened this issue Jan 8, 2016 · 4 comments
Open

Extension: Counterintuitive backup/restore flows using "backup code" #353

adon-at-work opened this issue Jan 8, 2016 · 4 comments
Labels
enhancement extension usability

Comments

@adon-at-work
Copy link
Contributor

Backup flow

  • Go to settings.html
  • Click "Sign up with another email address" with email "a", get KeyA
  • Click "Sign up with another email address" with email "b", get KeyB
  • Click "Show backup code", save it somewhere
  • Click "Trash" to delete all keys of "a" and "b"

Restore flow

  • Go to settings.html
  • Click "Restore from backup code"
  • Put "a" in the email field, enter the backup code, and Click Restore
  • Keyring panel shows multiple keys, KeyA and KeyB both associated with "a"

I'm aware that backup code is actually the encoded version of eccSeed and eccCount, which forms the basis to generate the private/public key pairs. And the same seed is being used across multiple "Sign-up".

Problems:

  • How can one restore the respective key of "a" or "b"? Counterintuitive to explain "backup code" to users? One-to-one mapping of seed to every sign-up would be better.
  • In case an attacker stole the backup code. The user reacts by clicking "Sign-up" to generate a new key. But by mutating eccCount, the attacker can get his new keys.

Proposed Solution:

  • Let eccSeed be refreshed every time one clicks "Sign-up". Always eccCount = 0. Do not keep them in keyRing/localStorage.
  • Show "backup code" only once after "Sign-up", with sufficient warning it's a one-time dialog.
  • Hide "Show backup code" in settings.html

Thoughts? :)

c.c. @maditya
@sirdarckcat
Copy link
Member

@rcchan wdyt?

@sirdarckcat
Copy link
Member

cleaning up old bugs, please reopen if you would like to see this fixed

@sirdarckcat sirdarckcat reopened this May 3, 2016
@rcchan
Copy link
Contributor

rcchan commented May 3, 2016

Problem 1:
The original plan was to have emails restored based on key ids associated on the key server.

Problem 2:
If an attacker stole the backup code, the user should start over without restoring keys since any existing/restored keys are compromised. Starting over from scratch will generate a new ECC seed which produces new, independent keys.

@rcchan
Copy link
Contributor

rcchan commented May 3, 2016

This may not be ideal if we're considering the user experience where a backup code is compromised but the keys themselves were not. In this scenario, the user would be forced to revoke the old keys even though those were not stolen.

Generating a new ECC seed each time and not keeping it in localStorage doesn't provide much benefit. At that point, you have a 1:1 correlation of seeds to keys. You may as well be backing up the secret part of the keys. Since the secrets still need to be stored, if localStorage is compromised, there is no point in protecting the one time use ECC seed used to generate the key.

@sirdarckcat sirdarckcat mentioned this issue May 3, 2016
Closed
@sirdarckcat sirdarckcat changed the title Counterintuitive backup/restore flows using "backup code" Extension: Counterintuitive backup/restore flows using "backup code" May 3, 2016
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
enhancement extension usability
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@sirdarckcat @rcchan @adon-at-work