Hi, where does Cryptomator Appimage physically store the $hashed decryption key, and are there any more possible attacks so far unthought of?
- This question ofc assumes someone has breached a computer physically (which is regarded as game-over by many) I am wondering where to find the $hash, if a user choses to automatically decrypt vaults due to convenience?
- Is this protected in any way?
Idea for improvement: People surely do not want to type long decryption passwords forever, so they auto-unlock
, but you could pin-protect this with a shorter key - to additionally protect the $hash (and make users typle less in return for convenience and security gain)