by fuoqi
1942 days ago
Leaking the secondary key will allow an attacker to impersonate the user at any time and to continuously retrieve the encrypted vault. As I've said, it may not be important for password storage, but in more sophisticated applications continuous access to an encrypted vault may leak important meta-information (e.g. number of files, their size, time of creation, etc.).

You can add 2FA to the authentication process.
All metadata is obviously encrypted; the data is just a single blob. You maybe could try to guess the number of entries based on size, but that's too dynamic as well.
These products were attacked before; decrypting the vault wasn't how they were attacked.
It was with bugs/vulnerabilities within the browser extensions that led to data leaks. Something else entirely.