Share a Passwd file via a CRDT, securely over Matrix encrypted rooms.
TODO: figure out where to best store the room information. The header is precarious, due to conflicts and no official extension. My best reasoning at the moment is to use a password entry with a specially chosen UUID, then serialize all the descriptor into the comment section as JSON (UTF-8).
TODO: figure out how to send a room invite, mostly. Also, we would like the user to choose the storage and password method for their persistent file independently. The program should thus be given a passwd file to work on, not necessarily create one itself. See also the special entry in creation.
There are two main security critical portions to this program:
-
The communication over the Matrix protocol between devices. The E2E implementation takes care of most but we must take care mainly to only invite devices we intend to share our password file with. Note that for instance the room history setting (
m.room.history_visibilityshould be at mostshared) does affect secrecy after device compromise. This will require further investigation, i.e. can our CRDT handle forgetting the beginning or do we re-start from scratch at some point.Our client must also handle the authentication and on-device persistence options to securely handle the Matrix device data.
-
The on-disk data, which will appear like a Passwd-file and more particular the V3 format. Not V4, which adds multiple identities, but compromises on compromise recovery.