Comments (4)
Secondly, I'd really like to be able to change the secret without entering the old one (because having access by a trusted device is commonly considered to be enough).
Try changing your password to any service you are logged into, I doubt any would let you change the password without verification. Think about it, it means anyone with access to an open browser tab or an unlocked device can just takeover your account.
I'd like to know where exactly the app stores the enc pw in which format. Maybe I can access it somehow using the administrative account on the device?
It doesn't. It stores a derived key used for encryption, but not the actual password. This is by design. :|
from android.
Thanks for your answer.
For the first point, I would say that a trusted device which needs to be unlocked is not comparable to an online service where you are logged in (for which you can usually trigger a reset if you own the registered email address). Compare to Keybase client, Wire or Signal, they all do crypto.
For the second, I suppose that the only way to go is to export the data, reset the account and import again then, if I cannot change the encryption key without providing the old one.
from android.
For the first point, I would say that a trusted device which needs to be unlocked is not comparable to an online service where you are logged in (for which you can usually trigger a reset if you own the registered email address). Compare to Keybase client, Wire or Signal, they all do crypto.
Can you just change your Signal password without setting the existing one? I'd be surprised if that's the case.
For the second, I suppose that the only way to go is to export the data, reset the account and import again then, if I cannot change the encryption key without providing the old one.
Yup
from android.
For the first point, I would say that a trusted device which needs to be unlocked is not comparable to an online service where you are logged in (for which you can usually trigger a reset if you own the registered email address). Compare to Keybase client, Wire or Signal, they all do crypto.
Can you just change your Signal password without setting the existing one? I'd be surprised if that's the case.
be surprised: "you can change the PIN as long as this deviced is logged in"
Of course, apps like Wire and Signal have per-device encryption keys and are bound to an email or phone number. However, the general principle is: once you are logged in, you have proven to be the owner and you have full data access anyways. What data are you trying to protect in this scenario?
from android.
Related Issues (20)
- Android App Crashes on Sync HOT 7
- Address book / contacts sync on Android is limited to 150 contacts HOT 1
- Task sync failed: Error while creating local entries (Android 12, Etesync app 2.4.2) HOT 10
- Cannot synchronize anymore on Android 13 with Etesync 2.4.1 HOT 1
- Some calendar not synchronizing (without error) on etesync 2.4.2 and Android 13 HOT 5
- After starting phone in "safe mode" all contacts are missing
- Android 11 etesync v.2.4.2 Tasks Sync Failed HOT 4
- No synchronisation (tasks and contacts) [EteSync 2.4.2 | OnePlus 8 Pro Android 13] HOT 9
- Bitcoin, Litecoin ids on fdroid metadata HOT 1
- Etesync altering contacts upon sync HOT 16
- Does the android app implement 2-way sync? HOT 1
- No more synchronisation HOT 4
- Ability to edit server address HOT 3
- EteSync stops synchronising after a day or so [EteSync 2.4.3 | OnePlus 8 Pro Android 13]
- No permission to import from file HOT 6
- Payment and e-mail response HOT 1
- EteSync 2.4.3 for Android - Downloaded >4 GB of background data within a month
- Unable to build with Android Studio 2023.1.1.28 HOT 1
- Cannot use associate invitation code
- in the absense of no response from email and irc
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from android.