May 21, 2022•144 words
Total hours: 243.650
1) Authorization and Deployment Concept
This is very tricky but partially depends on not having a properly design threat scoping concept.
The idea is have access keys which are seperate from the account in the event of a compromised system nuke, and remove,
The problem though is it’s impossible to have a secure E2E encryption without a key being stored somewhere (like the persons brain or hardware key).
If it’s the first it’s adding the ‘just one more password fallacy’. If not then how is the password stored and derived?
In the event that the password is completely lost, how is it derived?????? What is the recovery mechanism?
I don’t know and requires rethinking.
2) Mac Firefox to database synchronization
Not started with fully, because the database, key-management and threat scope need to be reexamined.