[Question] How does NoKey handle device loss?

[yshui]

I assume if I lost a device, I would have to re-encrypt the whole key vault with a new key? Because if an adversary was to collect enough of my lost devices, they would be able to derive the key.

I don't see re-encryption mentioned in the README, does NoKey provide an easy way to re-encrypt the vault?

[Zinggi]

Hi there 👋

It's been some time, so I don't remember all the details fully, but I'll try my best

---

I think NoKey doesn't have any features that help against the security issues that come with losing multiple devices at the same time. So if you lose multiple devices at the same time, it's best to consider your accounts compromised. So if that happens, you'll have to change all your passwords to stay safe -.-
But this is really unlikely, so I'm not too concerned about that.

---

If you only lose one device at a time it's also not great, but at least your passwords always stay safe.

I think in that case it would be best to export the passwords, reset all devices, re-pair all devices and finally re-import your passwords (all of this is found in the "More" tab). This will generate new keys, new shares, etc. so that everything stored on the lost device will be completely useless.

Unfortunately there is no way to re-encrypt all your shares in an easier way.
You can delete a device from your list of trusted devices, but that of course won't remove the secret share that's stored on the lost device.
This would have been a great trigger for such a re-encryption, but that was never implemented

[Zinggi]

And adding to that answer above, I think implementing such a re-encrypt functionality would actually have been very difficult. The distributed nature of NoKey makes this quite tricky, as devices that are offline wouldn't be able to receive newly generated shares.

So I think this feature would require you to gather all other devices anyway, to make sure they are all online at the same time when this re-encryption occurs.

Achieving good usability with a distributed application is very hard..

[Zinggi]

And I guess there is also a workaround for this rotation without doing the export / import process, if you have enough devices, I think 4? But it's even worse UX wise:

Remove 2 devices and reset them. Pair them again. store a new made up login in them.
Then, pair those to your other 2 devices that still contain all your passwords. Then you will have 2 different password groups with security level 2, one with the new login, one with all your old logins.
Then you could move all logins from the old password group into the new one.

But yeah, this is even worse..

[yshui]

Thanks for your answer!

So I think this feature would require you to gather all other devices anyway, to make sure they are all online at the same time when this re-encryption occurs.

Yeah but I think this is acceptable, it's much more user friendly to gather all devices and click re-encrypt, than to export/re-create/re-import.

[yshui]

BTW, so this project is no longer actively developed?

might be a good idea to note this in README, or archive the repository? anyway, just a suggestion. I didn't realize this is no long active and am now a bit sad 🥲

[Zinggi]

Yeah but I think this is acceptable, it's much more user friendly to gather all devices and click re-encrypt, than to export/re-create/re-import.

Agreed, but at least it's somehow possible.

BTW, so this project is no longer actively developed?
might be a good idea to note this in README, or archive the repository? anyway, just a suggestion. I didn't realize this is no long active and am now a bit sad smiling_face_with_tear

Yeah, I'm not adding any new features and won't be maintaining the apps on the different stores if google ever decides to kill it for some reason.

But I will definitely keep the server and the web app alive, since I'm still using this as my personal password manager.

You're right, I should definitely add this to the README and make it prominent.