justSayin000001 | 5 years ago

What you described wouldn’t be e2ee. If a person can log in and have access to read or write DMs then it means the device gets the key from the server. Keeping the keys on the server completely misses the point of e2ee. The keys need to be stored on the individual devices. Also, it would be pretty easy to share keys between your devices.

m90|5 years ago

I think a common approach would be using password-derived keys which would _not_ be stored on any server, but could still be used across multiple devices.

> Also, it would be pretty easy to share keys between your devices.

Genuine question: What's the most common and easy way of doing that at the moment?

justSayin000001|5 years ago

From your statement about “anyone who gains access to the account would still be able to read and write DMs, even when they would be encrypted” I thought we were looking for an approach that gives more security. Having the account password seed the encryption would still leave us with the same problem.

Easiest way I have seen is when an Apple device asks if you want to share the Wi-Fi password with another device.
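An added example, not written by either commenter, of the password-derived key approach m90 mentions and the limit justSayin000001 raises in reply. It assumes scrypt as the KDF, an HKDF-style split using HMAC labels, and a hypothetical `Server` class that stores only a salt and a login verifier; all names and values are constructed for the illustration.

```python
import hashlib
import hmac
import secrets

# Assumed demo parameters (n=2**14, r=8 needs about 16 MiB per derivation).
SCRYPT = dict(n=2**14, r=8, p=1, maxmem=64 * 1024 * 1024, dklen=32)

def derive_keys(password: str, salt: bytes):
    """Stretch the password once, then split it into two independent keys."""
    master = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT)
    # Distinct labels: the login token cannot be turned back into the DM key.
    login_token = hmac.new(master, b"login", hashlib.sha256).digest()
    dm_key = hmac.new(master, b"dm-encryption", hashlib.sha256).digest()
    return login_token, dm_key

class Server:
    """Hypothetical server: keeps the salt and a hash of the login token only."""
    def __init__(self):
        self.accounts = {}

    def register(self, user, salt, login_token):
        verifier = hashlib.sha256(login_token).digest()
        self.accounts[user] = {"salt": salt, "verifier": verifier}

    def salt_for(self, user):
        return self.accounts[user]["salt"]

    def login(self, user, login_token):
        candidate = hashlib.sha256(login_token).digest()
        return hmac.compare_digest(self.accounts[user]["verifier"], candidate)

def demo():
    server = Server()
    password = "correct horse battery staple"  # constructed sample password
    salt = secrets.token_bytes(16)
    token_a, key_a = derive_keys(password, salt)       # first device
    server.register("alice", salt, token_a)
    # Second device knows only the password and fetches the public salt.
    token_b, key_b = derive_keys(password, server.salt_for("alice"))
    _, wrong_key = derive_keys("guess", server.salt_for("alice"))
    return {
        "second_device_logs_in": server.login("alice", token_b),
        "devices_share_key": hmac.compare_digest(key_a, key_b),
        "wrong_password_key_matches": hmac.compare_digest(key_a, wrong_key),
        "key_in_server_record": key_a in server.accounts["alice"].values(),
    }

if __name__ == "__main__":
    print(demo())
```

The server never holds the DM key, but the key is only as strong as the password: anyone who learns the password and fetches the salt derives the same key on their own device.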