element-hq / element-web

A glossy Matrix collaboration client for the web.
https://element.io
GNU Affero General Public License v3.0
11.28k stars 2.02k forks source link

Warn users when setting up key backup that the admin can crack weak passwords #13394

Open notramo opened 4 years ago

notramo commented 4 years ago

Users not familiar with cryptography doesn't even understand what that password does and why is it important. And if they doesn't understand it, they won't set strong passwords. They will set the easiest to remember (and crack) password. So I suggest similar wording:

Save my conversation encryption keys to the server, protected with the same password (WARNING: If you give a weak password, the server admin can break it, and read all your conversations! If you don't know what makes a password cryptographically secure, then don't use this feature!)

t3chguy commented 4 years ago

The same user will probably also misunderstand the concept of a server, blaming Discord here for naming their guilds servers This is scaremongering if anything

notramo commented 4 years ago

I mostly think about FB Messenger/WhatsApp/Hangouts users, who haven't heard of Discord.

@t3chguy What is better?

t3chguy commented 4 years ago

Riot could just enforce a minimum passphrase quality like it does with password quality

notramo commented 4 years ago

You are talking about "Matrix for healthcare". Think about the above question in this scenario. Would you like if your admin would crack your conversation with your doctor because the doctor used weak passphrase? Or for example used the following passphrase: "lock the keys securely", for which your crappy password quality meter says "Strong password" (Is it strong??? Approx. 2 hour to break with a modern PC and dictionary)

t3chguy commented 4 years ago

Well that wouldn't be my admin, it'd be the Doctor's admin which would be a gigantic legal issue in the first place

notramo commented 4 years ago

Is it impossible that a data breach happens on the hospital's server? No, it's not. You maybe know why strong password is important. But the majority of users don't. The patient can also set weak password and his admin could crack it, and tell his medical condition to his friends. The admin may get jailed. But it doesn't change that the user's friends know his medical condition, and this maybe ruins his relationships (or entire social life).

besendorf commented 4 years ago

Id suggest to use a this slighty different text.

Save my conversation encryption keys to the server, protected with the same password (WARNING: If you choose a weak password, the server admin could break it, and would be able to read all your conversations! You can also save your keys offline on your computer or an external drive. Chose a password with at least n characters and lowercase, uppercase, numbers and symbols. The length is more important than many different symbols, numbers, letters.