Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Verify this login toast pops up when there is no way to do it (no other devices or 4S) #6466

Closed
BillCarsonFr opened this issue Jul 5, 2022 · 1 comment · Fixed by #6475
Closed

Verify this login toast pops up when there is no way to do it (no other devices or 4S) #6466

BillCarsonFr opened this issue Jul 5, 2022 · 1 comment · Fixed by #6475
Assignees
@BillCarsonFr
Labels
A-E2EE Team: Crypto Z-parity-with-web

Comments

@BillCarsonFr
Copy link
Member

If you login on a new device and you don't have other active logins nor 4S, android will prompt you to verify but there is actually no way to do it.
image
image

For reference web is showing this:
image

Short term fix:

Align with web. Show a popup stating that you have lost access to e2ee history and propose to reset cross signing and properly setup 4S.

Long term fix.

This will need a bit more thinking.
But basically, why don't we just silently reset cross-signing keys?
Do we really need to do a full bootsrap (xsigning, backup + 4S?)?
Maybe this could be just an opportunity to explain the benefits of backup and 4S? And to explain why e2ee history is not accessible?
@BillCarsonFr BillCarsonFr self-assigned this Jul 5, 2022
@dkasak
Copy link
Member

dkasak commented Jul 5, 2022

But basically, why don't we just silently reset cross-signing keys?

I think it's always a bit iffy if an untrusted party (in this case, the HS) is able to make the client modify or drop local crypto-related state. I don't have a ready-made attack scenario, but I feel it's not a property we want to lose. Resets should always be user-initiated, IMO.

Maybe this could be just an opportunity to explain the benefits of backup and 4S? And to explain why e2ee history is not accessible?

Probably shouldn't spell it all out in a huge block of text, though. Maybe a bit of "Why is this required for accessing encrypted message history?" green text at the bottom, which summons a new screen or a modal which explains it in more detail.

@ouchadam ouchadam mentioned this issue Jul 5, 2022
Open
This was referenced Jul 5, 2022
Merged
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@BillCarsonFr BillCarsonFr

Labels
A-E2EE Team: Crypto Z-parity-with-web
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Handle case when device cannot be verified element-hq/element-android
2 participants
@dkasak @BillCarsonFr