Add ability to store the password on disk, encrypted with a passphrase that can be changed
Created by: mildred
The problem with the current behaviour (you have a non-modifiable passphrase from which the key pair is derived) is that you can't change your passphrase. The problem is that:
- the user will choose a short passphrase that could be guessed by an attacker if he has to type it frequently
- if the passphrase is leaked (keylogger for example) then there is no option to change it
What I propose is a different approach: Upon account creation, generate a long and very random secret string that would be stored on disk, and use the user provided passphrase to encrypt it.
The problem is that you'd have to back up this secret. You could print it as a QR code and store it in a safe somewhere. If that is too inconvenient, the user provided passphrase could be used as a secret instead. The user should be clearly informed that the passphrase would not be able to be changed.
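
A sketch of the scheme proposed above, added here as an example and not taken from the issue or the project: a random 32-byte secret is generated once, stored wrapped under a passphrase-derived key, and re-wrapped when the passphrase changes. All function names, the JSON record layout and the scrypt parameters are assumptions, and the standard-library mask-plus-HMAC construction stands in for the authenticated cipher a real implementation would use.

```python
# Added example: names, parameters and record format are assumptions.
import hashlib
import hmac
import json
import secrets

SCRYPT = {"n": 2**14, "r": 8, "p": 1}  # assumed cost parameters (about 16 MiB)
SECRET_LEN = 32


def _derive(passphrase: str, salt: bytes):
    """Stretch the passphrase into a one-time XOR mask and a MAC key."""
    okm = hashlib.scrypt(passphrase.encode(), salt=salt, dklen=2 * SECRET_LEN, **SCRYPT)
    return okm[:SECRET_LEN], okm[SECRET_LEN:]


def wrap(secret: bytes, passphrase: str) -> str:
    """Encrypt the account secret under the passphrase; returns the on-disk record."""
    if len(secret) != SECRET_LEN:
        raise ValueError("secret must be exactly 32 bytes")
    salt = secrets.token_bytes(16)  # fresh salt per wrap, so the mask is never reused
    mask, mac_key = _derive(passphrase, salt)
    ct = bytes(a ^ b for a, b in zip(secret, mask))
    tag = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
    return json.dumps({"salt": salt.hex(), "ct": ct.hex(), "tag": tag.hex()})


def unwrap(record: str, passphrase: str) -> bytes:
    """Recover the secret; a wrong passphrase or a modified record fails the MAC."""
    rec = json.loads(record)
    salt, ct, tag = (bytes.fromhex(rec[k]) for k in ("salt", "ct", "tag"))
    mask, mac_key = _derive(passphrase, salt)
    expected = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("wrong passphrase or corrupted record")
    return bytes(a ^ b for a, b in zip(ct, mask))


def create_account(passphrase: str):
    """Generate the random secret once; the key pair would be derived from it."""
    secret = secrets.token_bytes(SECRET_LEN)
    return secret, wrap(secret, passphrase)


def change_passphrase(record: str, old: str, new: str) -> str:
    """Re-wrap the same secret, so the derived key pair does not change."""
    return wrap(unwrap(record, old), new)
```

Changing the passphrase only replaces the record on disk: any earlier copy of the record (a backup, a synced folder) still opens with the old passphrase and yields the same secret.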