Make it possible to change the passphrase #31
Comments
|
Not possible, and it's actually an implementation headache, since everything needs to be reencrypteed with the new password. And all of your derived passwords will change. This is actually one of the biggest flaws of the system. |
|
Oh I see. That's a bummer. You could move to a HMAC key that is randomly generate and stored inside a lockbox protected by the derived key? That should still be safe and would allow password changes; migration from old format also seems possible. |
|
Yeah, this is potentially the way to go. This is more like 1password. But then you need some sort of server-side state, which you don't really need with 1sp. So trade-offs. I'm probably not going to do much work on oneshallpass in the short-term, we're just about to launch another product. |
(Perhaps I've missed it but) I don't think there is a way to change your passphrase.
The text was updated successfully, but these errors were encountered: