How to sync password across browsers?

A

Alexey Yarkov2016-08-13 11:12:28

Angular

Alexey Yarkov, 2016-08-13 11:12:28

Hello. I'm sawing my craft - a password manager. Data is encrypted in the browser before being sent to the server and decrypted back upon receipt. The key, of course, is never transmitted to the server.
When changing the key, I display a modal window with a reminder that you need to change the key manually on all devices.
Attention to the question: is it possible to somehow synchronize the key within the same account, but between devices? I can sit from a computer and a smartphone at the same time - a list of active sessions on the site will be visible in my account and any session can be disconnected from there.
It is also impossible to send a new key by mail, so that the server does not know it.
There is an idea to write a browser extension for this case. But then mobile phones will still not be taken into account.
There was such an idea: to make key encryption another key and synchronize through the server. But some matryoshka))

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

K

Kirill, 2016-08-13
@kirill89

I can suggest using the Diffie Hellman algorithm to communicate between tabs via the server. For example, via web sockets.
This way every client within the account will have a shared key (locally) with every other client. This key will be unknown to the server.
And then when updating the master key, it will be enough to encrypt it locally for each other client and store the encrypted key on the server. You can encrypt with any reliable symmetric algorithm.
I hope I explained clearly.
PS: I do not presume to say that this is safe enough.