AFAIK when you log in to Proton, you send them your password, they do the standard hashing and checking against the hash stored in their database, and if it matches them they let you log in by sending you a token of some sort.

If the your password is your encryption key, and if at some point Proton needs your plaintext password in order for you to log in, then doesn’t that mean they still have a way to access your data? They could take the plaintext password and decrypt everything in your account without you knowing, right?

  • wandermind@sopuli.xyz
    link
    fedilink
    English
    arrow-up
    38
    ·
    8 months ago

    Your Proton password is not the encryption key for your data, not directly. Basically, your password is used to encrypt the actual encryption key inside your browser, and that encrypted encryption key is stored on Proton servers alongside your data. Proton can’t access your data because they don’t know your password which was used to encrypt the encryption key.

    When you want to access your data, Proton servers sends the encrypted encryption key to your browser, and your browser decrypts it using the password you entered. Proton servers then send you your encrypted data, and your browser decrypts it using the decrypted encryption key and shows it to you. There’s no point where Proton has enough information to decrypt your data. Your actual plaintext password never leaves your browser.

    This is a simplified high-level overview of how it works, of course there’s a lot more details to the actual implementation.