[imuli]

I mean, one of the most important things you can do is write up exactly how you use the various pieces of cryptography - so people who know enough can easily evaluate your theoretical ideal.

Then when someone takes a look and notices that you're storing the users' RSA private keys on the server, they can check whether you actually meant to do that.

Also: Don't store (or ever even have) your users' RSA private keys server side!

[monicaincog]

noted. in the coming weeks we'll be more transparent about the tech stack.

in the meanwhile, sure, we don't store private keys on the server side :)

[imuli]

In the login response I see the private key being sent back from the server, it looks like it is encrypted with a key derived from the user's password. 100100 iterations of PBKDF2-SHA512 is certainly better than it could be, but not it's certainly not as secure against brute force attacks as Argon2 or any other modern KDF.