mailpile / python-passcrow

Passcrow is a system for community-assisted secure password recovery.
GNU Lesser General Public License v3.0

security: Add a verification code for the app as well (not user facing) #14

Open BjarniRunar opened 2 years ago

BjarniRunar commented 2 years ago

Attack scenario:

Mallory has a copy of the Encrypted Data and Recovery Pack. Mallory is also able to eavesdrop on the channel over which Verification Codes are sent (SMS, e-mail). Mallory would like to decrypt the Data without Alice being notified. If Mallory sees that Alice has initiated recovery, Mallory will be able to silently request a Fragment from the server by reusing the same code as was sent to Alice.

This attack can be thwarted if the VerificationResponse includes a random code which the app must present on Recovery, in addition to the code sent to the user. This has no user-facing implications, but does complicate the Passcrow Client, since it will need to keep state for in-progress recoveries.

This scenario assumes Mallory has quite a significant level of access already (e.g. access to Alice's backups, as well as Alice's online accounts) - but not total access: in this scenario Mallory has not compromised the Servers and doesn't have live access to Alice's devices. So it's a hole worth closing.
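The two-code check proposed in this issue, as an added simulation (not Passcrow's own code). `ServerSim`, `ClientSim`, the code formats and the constructed `FRAGMENT` are all assumptions chosen to illustrate the point: with `require_app_code=False` the server models the current hole (an eavesdropper who sees the user-facing code can fetch the Fragment), and with `require_app_code=True` it also demands the app-held code from the VerificationResponse, which never crosses the SMS or e-mail channel, so the client now has to persist per-recovery state:

```python
"""Constructed simulation of a two-code recovery check (not Passcrow's own code)."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

FRAGMENT = b"constructed-fragment-bytes"  # stands in for a real key fragment


def _digest(code: str) -> bytes:
    # Store only hashes of the codes so a server-side leak does not reveal them.
    return hashlib.sha256(code.encode()).digest()


@dataclass
class VerificationResponse:
    recovery_id: str
    app_code: str  # returned to the app over the API only; never sent via SMS/e-mail


@dataclass
class PendingRecovery:
    user_code_hash: bytes
    app_code_hash: bytes
    fragment: bytes
    attempts: int = 0


class ServerSim:
    """Holds in-progress recoveries; require_app_code=False models the hole in the issue."""
    MAX_ATTEMPTS = 5

    def __init__(self, require_app_code: bool) -> None:
        self.require_app_code = require_app_code
        self._pending: Dict[str, PendingRecovery] = {}
        self.sms_channel: list = []  # what an eavesdropper on the delivery channel sees

    def begin_recovery(self, fragment: bytes) -> VerificationResponse:
        recovery_id = secrets.token_hex(8)
        user_code = f"{secrets.randbelow(10**6):06d}"  # short, typed by the user
        app_code = secrets.token_urlsafe(24)  # long, held only by the app
        self._pending[recovery_id] = PendingRecovery(
            _digest(user_code), _digest(app_code), fragment)
        self.sms_channel.append((recovery_id, user_code))  # out-of-band delivery
        return VerificationResponse(recovery_id, app_code)

    def request_fragment(self, recovery_id: str, user_code: str,
                         app_code: Optional[str]) -> Optional[bytes]:
        pending = self._pending.get(recovery_id)
        if pending is None:
            return None
        pending.attempts += 1
        if pending.attempts > self.MAX_ATTEMPTS:
            del self._pending[recovery_id]  # short code must not be brute-forceable
            return None
        ok = hmac.compare_digest(pending.user_code_hash, _digest(user_code))
        if self.require_app_code:
            ok &= hmac.compare_digest(pending.app_code_hash, _digest(app_code or ""))
        if not ok:
            return None
        del self._pending[recovery_id]  # single use: a recovery is consumed on success
        return pending.fragment


class ClientSim:
    """The app side: it must now persist recovery_id -> app_code between the two steps."""

    def __init__(self, server: ServerSim) -> None:
        self.server = server
        self.state: Dict[str, str] = {}

    def start(self) -> str:
        resp = self.server.begin_recovery(FRAGMENT)
        self.state[resp.recovery_id] = resp.app_code
        return resp.recovery_id

    def finish(self, recovery_id: str, user_code: str) -> Optional[bytes]:
        app_code = self.state.pop(recovery_id, None)
        return self.server.request_fragment(recovery_id, user_code, app_code)


def simulate(require_app_code: bool) -> Tuple[Optional[bytes], Optional[bytes]]:
    """Alice starts recovery; Mallory, who sees the SMS, asks first; then Alice finishes.
    Returns (what Mallory obtained, what Alice obtained)."""
    server = ServerSim(require_app_code)
    alice = ClientSim(server)
    rid = alice.start()
    seen_id, seen_code = server.sms_channel[-1]  # Mallory's eavesdropped view
    mallory_got = server.request_fragment(seen_id, seen_code, app_code=None)
    alice_got = alice.finish(rid, seen_code)  # Alice types the code she received
    return mallory_got, alice_got


if __name__ == "__main__":
    print("without app code:", simulate(False))  # Mallory gets the fragment, Alice gets None
    print("with app code:   ", simulate(True))   # Mallory gets None, Alice gets the fragment
```

In the simulation the server stores only hashes of both codes, compares them in constant time and consumes the pending recovery on first success; note that single use alone does not close the hole, since in the weak mode Mallory's early request succeeds and it is Alice's own attempt that then fails.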