Open bmisiak opened 5 years ago

Description

I think Matrix's mission to make end-to-end encryption as easy to use and as transparent to the user as possible is the right path and a commendable goal. ProtonMail made E2EE available to the masses in e-mail, and we can learn from their experience:
https://protonmail.com/blog/encrypted_email_authentication/

Would it be possible for Matrix to use Secure Remote Password 6a, so that the user's password is never revealed to the server and could thus be used instead of a separate passphrase?

We have a similar thing landing currently in the form of: https://github.com/matrix-org/matrix-doc/blob/dbkr/encrypted-recovery-keys/proposals/1687-encrypted-recovery-keys.md.
However, we deliberately use a separate key for backups from the password for accessing the account (on the assumption that the backup key will typically be transferred via verification rather than being manually entered).
We'll need to compare ProtonMail's approach with what we're doing.
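To make concrete what the SRP-6a proposal above would change, here is an added, self-contained example of the exchange; it is not code from this issue, from Matrix, or from ProtonMail. It follows the SRP-6a arithmetic of RFC 5054 with its 1024-bit group (transcribed here, check the digits against the RFC), but the hash (SHA-256 instead of SHA-1), the simplified proof messages M1 = H(A | B | K) and M2 = H(A | M1 | K), the record layout and the function names are all assumptions for illustration. The point it demonstrates is that the server stores only a salt and a verifier, receives only A and M1 from the client, and so never sees the password; a wrong password simply fails to produce a matching M1.

```python
"""SRP-6a walk-through (constructed example, not Matrix or ProtonMail code)."""
import hashlib
import hmac
import secrets

# RFC 5054 Appendix A, 1024-bit group, g = 2. Transcribed for the example;
# verify against the RFC and prefer a larger group before any real use.
N = int(
    "EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576"
    "D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD1"
    "5DC7D7B46154D6B6CE8EF4AD69B15D4982559B297BCF1885C529F566660E57EC"
    "68EDBC3C05726CC02FD4CBF4976EAA9AFD5138FE8376435B9FC61D2FC0EB06E3",
    16,
)
G = 2
N_LEN = (N.bit_length() + 7) // 8


def _pad(x: int) -> bytes:
    """Left-pad an integer to the byte length of N (RFC 5054 PAD)."""
    return x.to_bytes(N_LEN, "big")


def _h_int(*parts: bytes) -> int:
    return int.from_bytes(hashlib.sha256(b"".join(parts)).digest(), "big")


K_MULT = _h_int(_pad(N), _pad(G))  # SRP-6a multiplier k = H(N | PAD(g))


def is_probable_prime(n: int) -> bool:
    """Miller-Rabin with fixed bases; a sanity check that N is a safe prime."""
    if n < 2 or n % 2 == 0:
        return n == 2
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in (2, 3, 5, 7, 11, 13, 17, 19, 23):
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _x(salt: bytes, username: str, password: str) -> int:
    """Client-only secret x = H(salt | H(username ':' password)), RFC 2945 form."""
    return _h_int(salt, hashlib.sha256(f"{username}:{password}".encode()).digest())


def register(username: str, password: str) -> dict:
    """Run on the client; the server stores only salt and verifier v = g^x."""
    salt = secrets.token_bytes(16)
    return {"username": username, "salt": salt,
            "verifier": pow(G, _x(salt, username, password), N)}


def client_start():
    a = secrets.randbits(256) or 1
    return a, pow(G, a, N)                      # client -> server: username, A


def server_respond(record: dict, A: int):
    if A % N == 0:                              # SRP-6a: A = 0 mod N would force S = 0
        raise ValueError("illegal client public value A")
    b = secrets.randbits(256) or 1
    return b, (K_MULT * record["verifier"] + pow(G, b, N)) % N  # server -> client: salt, B


def client_finish(username, password, salt, a, A, B):
    if B % N == 0:                              # mirror check on the server's value
        raise ValueError("illegal server public value B")
    u = _h_int(_pad(A), _pad(B))
    if u == 0:
        raise ValueError("scrambling parameter u is zero")
    x = _x(salt, username, password)
    S = pow((B - K_MULT * pow(G, x, N)) % N, a + u * x, N)  # (g^b)^(a + u*x)
    K = hashlib.sha256(_pad(S)).digest()
    return K, hashlib.sha256(_pad(A) + _pad(B) + K).digest()  # client -> server: M1


def server_finish(record, A, b, B, M1):
    u = _h_int(_pad(A), _pad(B))
    S = pow((A * pow(record["verifier"], u, N)) % N, b, N)   # (A * v^u)^b
    K = hashlib.sha256(_pad(S)).digest()
    if not hmac.compare_digest(hashlib.sha256(_pad(A) + _pad(B) + K).digest(), M1):
        return None                             # wrong password or tampered exchange
    return K, hashlib.sha256(_pad(A) + M1 + K).digest()       # server -> client: M2


def run_login(record: dict, username: str, password: str) -> bool:
    """Whole exchange: client holds the password, server holds only the record."""
    a, A = client_start()
    b, B = server_respond(record, A)
    K_client, M1 = client_finish(username, password, record["salt"], a, A, B)
    result = server_finish(record, A, b, B, M1)
    if result is None:
        return False
    K_server, M2 = result
    ok = hmac.compare_digest(hashlib.sha256(_pad(A) + M1 + K_client).digest(), M2)
    return ok and K_client == K_server          # equal keys are checkable only in this simulation
```

Two caveats a practitioner would want alongside this: the server-side record is still offline-attackable if the database leaks (a verifier is a dictionary-attack target, so the password still has to be strong), and a password-authenticated login key is not the same as the backup key discussed in the reply, which is a separate design decision about how that key is transferred.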