Research (Both security implication-wise and end-user), if AES-GCM alone is sufficient as an auth guarantee for the seed phrase (that someone didn't maliciously change the seed phrase):
[x] implement seed phrase encryption as AES256-GCM on user-end.
- [ ] maybe add identicon for m/1337'/0' ( or other) acct- [ ] consider any other options, technically https://github.com/SrsSec/SrsPass-pwa/issues/4 should aid in authentication, in that they will fail to decrypt, if the seed phrase is changed. A warning can be emitted regarding this, indicating corruption of some sort.
Research (Both security implication-wise and end-user), if AES-GCM alone is sufficient as an auth guarantee for the seed phrase (that someone didn't maliciously change the seed phrase):
- [ ] maybe add identicon for m/1337'/0' ( or other) acct- [ ] consider any other options, technically https://github.com/SrsSec/SrsPass-pwa/issues/4 should aid in authentication, in that they will fail to decrypt, if the seed phrase is changed. A warning can be emitted regarding this, indicating corruption of some sort.blocked by https://github.com/SrsSec/SrsPass-pwa/issues/3 needing stores implementation first