by jpgoldberg 3885 days ago
At the risk of sounding "markety", let me point out the first three bullet points in the overview of our security doc.

\item[True end-to-end encryption] All cryptographic keys are generated and managed by the client on your devices, and all encryption is done locally. Details are in \nameref{ch:deep}.

\item[Server ignorance] We are never in the position of learning your Master Password or your cryptographic keys. Details are in \nameref{ch:SRP}.

\item[Nothing “crackable” is stored] Often a server will store the password hash. If captured, this can be used in password cracking attempts. Your locally held Account Key means that the data we store cannot be used for cracking attempts. See \nameref{sec:account-key} and particularly Discussion~\ref{aside:factor} for details.

A way of summing this up is that we've aimed to design things so that our data store is not an attractive target. And that means not being attractive to LEAs.