Skip to content

Master Password is single point of failure #2

Description

@gtabmx

Since the master password is "salted" with the user's Ethereum address, via MetaMask, to create the seed, the master password is the only private thing that needs to leak to compromise al the user's passwords. Instead, consider the password seed being the signature of the master password (or some single private seed), signed by the user's MetaMask account private key.

This way, even if the master password, or the private seed, leaks, the user is not yet compromised.

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or request

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions