Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Element-R: aborting cross-signing reset leaves the account in a broken state #26322

Closed
richvdh opened this issue Oct 6, 2023 · 2 comments
Closed

Element-R: aborting cross-signing reset leaves the account in a broken state #26322

richvdh opened this issue Oct 6, 2023 · 2 comments
Labels
A-Element-R Issues affecting the port of Element's crypto layer to Rust T-Defect Z-Labs

Comments

@richvdh
Copy link
Member

richvdh commented Oct 6, 2023
edited
Loading

From https://github.com/vector-im/crypto-internal/issues/154:

Resetting cross signing (bootstrap), will in most case require the user to enter their account password (to upload the new keys), and 4S passphrase to update the account data.

Currently this is not atomic, we first reset the keys locally then update 4S, then upload keys.
So if the user forgot their password/key the account will end up in a broken state, with local secrets not uploaded to server

cc @BillCarsonFr
@richvdh richvdh added A-Element-R Issues affecting the port of Element's crypto layer to Rust T-Defect labels Oct 6, 2023
@richvdh richvdh mentioned this issue Oct 6, 2023
Closed
@richvdh richvdh changed the title Element-R: resetting cross signing is not resistent to forgotten account password & 4S passphrase Element-R: resetting cross signing is not resistant to forgotten account password & 4S passphrase Jan 24, 2024
@richvdh richvdh mentioned this issue Mar 1, 2024
Open
@richvdh
Copy link
Member Author

richvdh commented Mar 28, 2024
edited
Loading

Currently this is not atomic, we first reset the keys locally then update 4S, then upload keys.

when you say "upload keys": do you mean publishing the public keys? Via /device_signing/upload?

@richvdh richvdh mentioned this issue Mar 28, 2024
Open
This was referenced Apr 19, 2024
Closed
Closed
@kegsay kegsay mentioned this issue May 28, 2024
Open
@richvdh richvdh changed the title Element-R: resetting cross signing is not resistant to forgotten account password & 4S passphrase Element-R: aborting cross-signing reset leaves the account in a broken state Jul 23, 2024
@richvdh
Copy link
Member Author

richvdh commented Oct 8, 2024

duplicate of #13338

@richvdh richvdh closed this as completed Oct 8, 2024
@richvdh richvdh mentioned this issue Oct 8, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
A-Element-R Issues affecting the port of Element's crypto layer to Rust T-Defect Z-Labs
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@germain-gg @richvdh