Currently the client generates the storage_key used for e2e encrypted storage of data using only its internal RNG.
Instead:
- the server should choose a nonce and send it to the client
- the client should use its RNG to pick a seed uniformly at random, and then use a KDF to derive storage_key from the server-chosen nonce and the client-chosen seed.
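A sketch of the proposed derivation, added here as an illustration and not taken from the project's code. It assumes HKDF-SHA256 (RFC 5869) as the KDF with the server nonce as salt and the client seed as input keying material; the 32-byte sizes, the INFO label and all function names are hypothetical.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

HASH = hashlib.sha256
INFO = b"storage_key v1"             # assumed context label, not from the proposal
NONCE_LEN = SEED_LEN = KEY_LEN = 32  # assumed sizes in bytes


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int) -> bytes:
    """HKDF (RFC 5869) over HMAC-SHA256: extract a PRK, then expand it."""
    digest_size = HASH().digest_size
    if length > 255 * digest_size:
        raise ValueError("requested output too long for HKDF")
    # Extract: the salt keys the HMAC; an empty salt means a block of zeros.
    prk = hmac.new(salt or bytes(digest_size), ikm, HASH).digest()
    # Expand: T(i) = HMAC(PRK, T(i-1) || info || i)
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def server_choose_nonce() -> bytes:
    """Server side: choose the nonce that is sent to the client."""
    return secrets.token_bytes(NONCE_LEN)


def client_derive_storage_key(
    server_nonce: bytes, seed: Optional[bytes] = None
) -> Tuple[bytes, bytes]:
    """Client side: pick a seed and derive storage_key from (nonce, seed).

    The seed is the secret input; the nonce is known to the server.
    Returns (seed, storage_key).
    """
    if len(server_nonce) != NONCE_LEN:
        raise ValueError("unexpected nonce length")  # reject short or missing nonce
    if seed is None:
        seed = secrets.token_bytes(SEED_LEN)  # uniformly random from the OS CSPRNG
    if len(seed) != SEED_LEN:
        raise ValueError("unexpected seed length")
    return seed, hkdf_sha256(seed, server_nonce, INFO, KEY_LEN)
```

The `seed` parameter exists only so the derivation can be reproduced in tests; a real client would always let the function draw it.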