[Feature] Add config option to replace for web clients users' encryption passphrases by randomly generated passphrases stored on the server #5401
Comments
May I ask why users are logging in and out often? Login sessions should really persist between usage sessions, and only be logged out if the user intends to not use the same device again. The easiest solution to this problem is to find a way to keep your users logged in. Storing passwords server-side is dangerous, because there is no sensible way to encrypt them without either asking the user to provide another password or for the server to store it in a way that could be broken by a hacker. If the password gets broken, your encrypted messages are no longer encrypted. To save a lot of discussion, I'm fairly confident that Matrix isn't going to start letting users store their passwords on the server to save them from forgetting them (same goes for pre-generated passwords). Perhaps even more chilling is that you believe that storing passwords server-side will fix #4367, which means that you intend to use the passwords to read the messages sent by the users? Frankly I'd much rather you disable encryption across the homeserver than keep a backdoor handy to the users' conversations. If you want to be able to snoop on those messages, #4367 should cover it (it shouldn't really be closed).
Many thanks for your comment! It seems that the description of my feature request is misleading. Sorry for my bad English, I don't speak English natively. I, of course, don't suggest storing any password/passphrase on the server. I suggest adding an alternative to avoid passphrasing an encryption key. For most threat scenarios it is safe enough to encrypt data at rest by e.g. data encryption keys and key encryption keys that are stored on the server without passphrasing them, see Mattermost (et al.). If an attacker gets access to the file system, you have almost lost the battle. Same with getting access to the mobile phone of a user (also for the current Matrix implementation). If you could propose a less misleading description for my feature request, please suggest one and I will correct mine.
At the moment, I'm not sure I follow what you are proposing here... Maybe by asking some more questions, we can work out what you're aiming for here. Would the client randomly generate a passphrase, or is that something you're suggesting the server should do?
Maybe I should avoid being too specific in my description. I simply propose to add an optional alternative to the current passphrased encryption key, i.e. generating encryption keys that are not passphrased by the user and thus without the need of user interaction.
Okay, based on what you have said, I really don't think we would go down this path for the reasons that @Half-Shot outlines above. If you want to talk more on the subject, #e2e:matrix.org would be a good place.
Users are currently prompted to enter a passphrase for encryption each time they log out. This results in a very bad user experience and can lead to ...
- a user can no longer access his or her messages, or
- a user no longer uses encryption at all.
Worse still, even though a user has no encrypted messages, he is prompted to enter an encryption passphrase each time he logs off.
Therefore, I would like to suggest that a config option be added so that, for web clients, users' encryption passphrases are replaced by randomly generated passphrases stored encrypted on the server, eliminating the above query.
This would be compliant with the security requirements of most use cases. It would also cover the feature request #4367 ...