[10:44:27] Could someone explain how ProtonMail's encryption works? I know it uses PGP keys but how are these stored in a zero-access way or whatever it is that they claim? And yes I know you can't have trustworthy E2EE in the browser [10:52:12] [1/2] Wait what? My little pony on #50? 😄 [10:52:12] [2/2] Does that still exist? wow [10:54:28] https://equestripedia.org/wiki/Main_Page ? [10:54:32] Yeah it's a well known wiki [10:54:44] Idk if the wiki is very popular or complete though [10:59:58] I didn't know there's MLP fork on Mira [11:00:10] [1/2] man [11:00:10] [2/2] https://cdn.discordapp.com/attachments/1006789349498699827/1220688468666093599/IMG_20240322_135916.jpg?ex=660fd9ba&is=65fd64ba&hm=4c4edb6631cb74c763118746d3dcee38b57f9ebe49b0f2e6ee50d2c0e79197db& [11:00:20] and they use Timeless as default skin lmao [11:00:28] they need to disable MFE [11:01:32] Unfortunately many people completely neglect the experience of mobile users [11:02:13] and there's Mira shutdown notice [11:03:01] Lol yea I just noticed that [11:03:13] [1/2] and no updates on that [11:03:14] [2/2] activity seems to be low too [11:03:24] Yea [11:03:54] also yay another logout [11:04:01] My wiki has entered the TOP 500 Yay!! [11:09:33] i thought anime baths went fully indie after getting kicked from fandom [11:19:28] they derive an encryption key from your password (https://proton.me/support/how-is-the-private-key-stored) and use that to encrypt the private key on their servers. [11:19:39] I see thanks [13:06:01] [1/2] Is this secure and would it plausibly work if the wiki has things like CentralAuth? [13:06:02] [2/2] https://cdn.discordapp.com/attachments/1006789349498699827/1220720137272033280/private_messaging_implementation.txt?ex=660ff738&is=65fd8238&hm=90b1a2af8ed732f59b0b54d8af74d002150010426c41a794fff6a97eea48e614& [13:06:20] It's just an idea I had because I'm bored, not 100% sure if I'd actually create an extension that does this [13:09:52] [1/3] The biggest concerns I have are: [13:09:52] [2/3] 1. The implementation breaking with CentralAuth and similar extensions [13:09:52] [3/3] 2. Security of localStorage [13:10:50] CentralAuth can be worked around [13:11:05] I dislike storing plaintext passwords in local storage [13:13:59] What do you think should be done as the solution to the plaintext issue? It's also a big concern I have [13:17:28] I'm not sure [13:17:56] Looking at something like the signal protocols documentation might help [13:18:00] Alright thanks [13:18:04] I'll do that [13:24:59] Opinions welcome on https://github.com/miraheze/CreateWiki/pull/487. That PR does part of https://issue-tracker.miraheze.org/T10683. [13:50:48] Made some changes https://gist.github.com/colleirose/a4ad5d210144946541ab4ecd6f98e0e7 [13:51:24] I am still not sure where the best place to store private keys and hashes is though [13:52:14] It's no longer storing plain-text passwords but still needs some improvements [14:05:41] I've heard about the web crypto API and that it can be used for things like this but I can't find anything in the documentation that can serve the specific purpose of storing hashes and keys [18:18:52] That seems pretty outdated [18:20:32] sorting on wm cloud is a bit confusing tbh [18:31:56] It doesn't purge deleted wikis [18:32:02] I can do that later