detronetdip
commented
2 years ago Hi @getify I was thinking about implementing bio metric authentication ( bio metric data as unique identifier ) on server so that someone could prove, from a new device, that they are authorized to retrieve/decrypt that data. What is your thought on that, please let me know.
jzombie
I already have a growing list of capabilities/protections that an app like this could include, but which would require moving beyond simply a static file server into a more specifically tailored and integrated server.
This of course opens up a whole list of additional complexities/downsides, including cost, maintenance, security, governmental interference, etc. That means we should be very weary to do any such things, and only cross this bridge if we cand deeply and fully justify it, and have a plan for managing those complexities.
But in the interest of discussion, I want to list some of the ideas I am already contemplating, and invite others as well.
off-site/off-device backup: offer the option to either one-time or automatically upload the encrypted dataset from your device to the server. We would NOT include the decryption key itself, but would need to keep the other encryption params (algorithm, salt/iv, etc) necessary to reconstruct the key (provided the user remembers the passphrase). We'd also need some mechanism (like a hash challenge) and some unique identifier (email?) so that someone could prove, from a new device, that they are authorized to retrieve/decrypt that data. Complex stuff, but we could figure it out I think.
Also considered is your own export-backup that you have to store somewhere (like google drive, etc). This has its own (many) downsides though.
Similar to backup, offer optional "device sync" where you can one-time, or somewhat-automatically sync your data from one device to another. Could generate a QR code one one device to scan from the other, to streamline. All the same complexity.
Perhaps a way around some of the complexity of device sync (but with its own complexity) could be direct device sync via webrtc (data channels) so that the actual data never even touches our server. Still need server for the webrtc signaling negotiation, etc.
Optional 2-factor auth (like RSA 6 digit code kind, NOT through SMS) to further secure your login/encryption.
Optional biometric auth (in web terms, using Webauthn API with FIDO on the server) so user could unlock/decrypt with fingerprint, face ID, etc, instead of inputting their passphrase.