I’m considering switching to Proton and I’m curious whether you all are using one-password or two-password mode. Proton’s documentation isn’t super clear on the differences, so I’m not sure what (if any) tangible benefit there is to having a dedicated mailbox password. There is plenty of web-based E2EE software that only uses one password and is regarded as very secure.
Threat model: I deeply value my stuff remaining fully mine to the greatest extent possible. The inconvenience of having two-passwords is largely irrelevant to me and not a factor.
TL;DR: Do you use two-password mode on Proton? If so why and should I?
This is a legacy feature. In the past Proton did not use key derivation and instead used one password for the decryption and one for logging in to your account. There is not really any reason to still do so unless you do not trust the math behind key derivation. Proton nicely allowed all users to keep using double password mode, I am guessing to not create distrust.
I mean in theory more password (longer stuff) is always better so more passwords I guess help there too. But it doesn’t really do much here. Just create a long passphrase for your account.
If you want some kind of two-people-required-to-unlock situation where you give both a part of the secrets, you could simply give them both half of a passphrase.
It should be noted that if you switch modes, you should not reuse the same password(s).
The first login password is used to verify the identity of the user. The second password is a decryption (mailbox) password that Proton Mail does not have access to. It is used to decrypt data on your device; we do not have access to the decrypted data or your decryption (mailbox) password.
Proton already doesn’t have access to the primary password so I don’t understand what they mean by this. Is it just the fact that it is never sent to them at all (hashed or otherwise) since the decryption is done locally?
This also means we cannot hand over your data to third parties or perform a mailbox password recovery. If you forget your mailbox password, we will not be able to recover your data.
My understanding is that it is already the case that while Proton can reset your password, you still need to recover your encrypted data separately. Therefore I’m not sure how this paragraph actually differentiates two-password mode.
I think it is akin to a secret key with 1Password which prevents decryption of data should someone gain access to their servers.
Your Secret Key protects your data off your devices. Someone who attempts a brute-force attack on our servers won’t be able to decrypt your data without your Secret Key, which we never have.
I’m not convinced that is the same thing. The secret key exists to ensure that the accounts of users who pick poor master passwords are secure, since the secret key is always 128 bits. The master password and secret key are derived together to create a key encryption key which is used to encrypt your private key. In Proton’s case, the second password is only used for the encryption and doesn’t appear to be combined with the primary password in any way.
In the article they don’t state the purpose of secret keys is to guard against users choosing poor passwords. Instead the article says secret keys are used to decrypt data, which is also what Proton says in their description of a second password (“It is used to decrypt data on your device”).
You are misunderstanding where passwords are hashed. Passwords are and should be hashed server side, not on the client side.
If you would hash the password on the client side it would require the salt to be exposed to the client. This effectively would mean that you will create the password hash on the end users device which would effectively become the password. If you would store that after in the database what you effectively achieve is that you store a plaintext password. This would be highly undesired.
On basically every website you do send your password via an encrypted connection (TLS typically) to the backend of the service. They hash that password (using their salt) and cross-check that with their database.
This means that if you use the same password to decrypt data the server could in theory take a copy of that and decrypt the data itself.
I am going to try to simplify this a bit, but so how does Proton prevent being able to decrypt the data?
Well, they take two extract keys (derivations) of your password you type in on your client. One key they use to log you in via the hash check on their backend, the other key they use to decrypt and encrypt your private PGP key on your client. Those PGP keys are fetched from the database of Proton after login. Those PGP keys are then used to encrypt and decrypt your data locally.
So what is then the effective difference between one and two password mode?
Essentially none. It is just up to you whether you let one password be used to create two different ones by math or keep hold of those two yourself.
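Added example, not part of the thread and not Proton's code: a sketch of the split described in the post above, where one value proves identity to the server and a separate key unwraps the private key on the client. PBKDF2, the keystream-plus-HMAC sealing, and every function and field name here are assumptions chosen so it runs on the Python standard library; `mailbox_pw` models two-password mode.

```python
import hashlib, hmac, os

def kdf(password: str, salt: bytes) -> bytes:
    # PBKDF2 stands in for whatever password KDF the service really uses (assumption).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    return hashlib.shake_256(b"enc" + key + nonce).digest(n)

def _tag(key: bytes, data: bytes) -> bytes:
    return hmac.new(hashlib.sha256(b"mac" + key).digest(), data, "sha256").digest()

def seal(key: bytes, plaintext: bytes) -> bytes:
    # Stand-in for a real AEAD: keystream XOR, then a MAC over nonce + ciphertext.
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(key, nonce, len(plaintext))))
    return nonce + ct + _tag(key, nonce + ct)

def unseal(key: bytes, blob: bytes):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _tag(key, nonce + ct)):
        return None  # wrong key or tampered blob
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

def signup(login_pw: str, mailbox_pw: str = None):
    # One-password mode: mailbox_pw is None, both keys derive from login_pw
    # under different salts. Two-password mode: the user supplies the second secret.
    auth_salt, key_salt = os.urandom(16), os.urandom(16)
    private_key = os.urandom(32)  # constructed placeholder for the PGP private key
    record = {  # everything the server stores
        "auth_salt": auth_salt,
        "key_salt": key_salt,
        "verifier": hashlib.sha256(kdf(login_pw, auth_salt)).digest(),
        "wrapped_key": seal(kdf(mailbox_pw or login_pw, key_salt), private_key),
    }
    return record, private_key

def login(record: dict, login_pw: str, mailbox_pw: str = None):
    auth = kdf(login_pw, record["auth_salt"])  # the only value sent to the server
    if not hmac.compare_digest(hashlib.sha256(auth).digest(), record["verifier"]):
        return None  # server refuses to hand out the wrapped key
    # Unwrapping happens on the client; the server never sees this key.
    return unseal(kdf(mailbox_pw or login_pw, record["key_salt"]), record["wrapped_key"])

if __name__ == "__main__":
    rec, priv = signup("correct horse battery staple")
    print(login(rec, "correct horse battery staple") == priv)
```

In both modes the server holds only the verifier and the wrapped key; the modes differ only in whether the unwrapping key comes from the same password under a different salt or from a second secret the user remembers.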
That’s my bad for the poor phrasing. I understand hashing isn’t done client side; if it was, an attacker would be able to log in using stolen password hashes.
What I was trying to say was that the primary password is sent to Proton, whereas the second password is used to decrypt the encrypted PGP keys locally, which Proton would only send you if you enter the correct first password. That being the case, it seems to me that against an attacker who could obtain the encrypted PGP keys, the two-password mode provides no extra security?
Thanks for bearing with me. So the functionality of the primary password remains the same, only that in one-password mode it also fulfills the role of the second password?
It is being shared with my best friend under my consent, no ToS or EULA to break. Besides, we say that modifying Discord breaks ToS, yet no one gets suspended or anything for it.
So are you gonna answer my question or no? Because if it works everywhere else the two password mode I’ll implement it. That’s what it would be here for, it would be a security measure.
So you’re basically not gonna answer my question.
Thank you so much /s
Again I trust him but I will still implement two password mode in case they try anything.
I’m only asking this so I can make sure before deciding to execute the decision. If you’re not gonna answer my concern then I’m afraid I’m gonna ask to politely stop responding to me till you do.
(Just tell me say, two password mode only works for other services but not your proton account settings if that’s the case, is it so hard?)
Thanks. Maybe I should’ve just tried it out to make sure and not waste time, but in any case thanks. If however two password mode doesn’t work with Proton account settings then yeah, and if ProtonVPN does ask for it then I’m basically gonna hassle them with the WireGuard config.
I’m actually not sure the second password would be required for Proton VPN since it doesn’t have to store any encrypted data. Again I really strongly recommend against doing this.
It doesn’t, which is good.
I did some testing it’ll be fine.
But I do strongly agree, I don’t recommend others do it unless you know what you’re doing. If not, then don’t.
For me, even if my friend was to touch anything on the account, we basically have physical contact, meaning he can face punishments and stuff like that. With physical contact for years now, we basically trust each other. But still secure your account well, or basically don’t share, as I said, especially if you don’t know what you’re doing. Just don’t.