Skip Navigation

If your Proton password is your encryption key, why couldn't Proton theoretically use it to decrypt your data?

AFAIK when you log in to Proton, you send them your password, they do the standard hashing and checking against the hash stored in their database, and if it matches them they let you log in by sending you a token of some sort.

If the your password is your encryption key, and if at some point Proton needs your plaintext password in order for you to log in, then doesn't that mean they still have a way to access your data? They could take the plaintext password and decrypt everything in your account without you knowing, right?

3
3 comments