Reading about the way the masterkey.cryptomator file works, I thought it could be used to implement some sort of 2-factor authentication mechanism.
Basically, if one didn’t sync the masterkey file on the cloud space where the rest of the files are, an attacker gaining access to the cloud storage would both have to KNOW the password and OWN the masterkey file through other means.
The masterkey file could even be kept in sync with another storage space using another app which in turn only keeps track of the masterkey file itself.
Of course this only covers the “threat model” of a remote attacker gaining access to the cloud space, because the masterkey and the files would still be on the same machine locally.
I am wondering, though:
- How useful would this really be? For example, how much more complex it becomes to “crack” the vault in these circumstances?
- And which implications does this have given the way cryptomator works? I seem to understand that the master key can change under some conditions, so one should be really careful to always ensure they are keeping the most up-to-date one.