Login with incorrect key

[ellie]

Currently users can login without specifying a key, and atuin will generate a new one. They can also login with a key that differs from that used by the other machines, and cause problems for themselves

It should be difficult/impossible to use a different key. We could check key IDs against what we already have, and refuse a key if it isn't correct

[luochen1990]

I don't understand the atuin account system at all, I tried to use same user name and different password & key to login into another PC, and it always login successfully. but the total commands is not the same as the first PC. So I atuin logout and atuin login again, this time I use same username, same password, same key, but the total commands is still different. seem the wrong state is keeped somewhere.

And, the "user name" , "password" and "key" are very duplicate and hard to understand, why not just use key , or user name + password ?

[ellie]

@luochen1990 let's keep this as strictly a planning issue, but I'll elaborate anyway

username and password authenticate you with the sync server. The password is stored, hashed, on the server - so you can authenticate and make api calls. The encryption key is randomly generated by your client, is not associated with the server, and serves to encrypt your data before its synced.

It cannot be used as auth, because then we'd need to share it with the server or use some sort of public key system. We ensure that your data is portable between servers, so encryption also cannot be tied to auth in any other way.

[luochen1990]

IMHO, if the key is not used for login to server, then it should not appears on the login process, and users should not copy/paste the key between different computer, instead, we should encourage using different key on different device, and just keep the random generated key invisible for normal user

[ellie]

It's a shared key. Users have to transfer it between devices or things won't work - that's why it's part of the login process, as it's only when the user logs in that it becomes crucial.

[luochen1990]

Oh, I understand now, the root cause is that users do not trust the server, so this key is used to protect user data from being leaked to the server, and the password is used to log in to the server to access the encrypted data.

I now understand why these three things coexist, but I still believe we can simplify this process, just like end-to-end encrypted applications such as Resilio Sync and Anytype, where users can always just record a single key.

For us, simply put, we can at least encode the triplet of user, pwd, and key into a string, which we'll call long-key. Then, when logging in, users only need to fill in the long-key, and the atuin client will parse the user, pwd, and key from the long-key and proceed with the previous process