AFAIK when you log in to Proton, you send them your password, they do the standard hashing and checking against the hash stored in their database, and if it matches them they let you log in by sending you a token of some sort.

If the your password is your encryption key, and if at some point Proton needs your plaintext password in order for you to log in, then doesn’t that mean they still have a way to access your data? They could take the plaintext password and decrypt everything in your account without you knowing, right?

  • @asdfasdfasdfOP
    link
    English
    48 months ago

    Awesome, very well explained! Thank you.