15Eyl
E2E encryption for web app – two passwords vs encrypting data with login pass and sending only hash to server
I am looking for some compromise with integrating E2E encryption for web app (basic FE and BE).
Basically I read about two concepts which are truly E2E encryption and not that much complicated.
- Using two passwords, when one is for login and second is for encryption only used only locally on client device. Something like Protonmail used before.
pros: secure, bulletproof?
cons: too much hassle with having two passwords, risk that users will use same password
- Using only one login password which is used also to encrypt data. To prevent server reading you send only hash of this password to server to verify identity. This is the current Tutanota email service setup.
- pros: only one password, simple
- cons: resetting password would lead to data lost as those old data can't be decrypted?
