
If my password is never sent to the server, how can you log me in and verify it?

This is a crucial aspect of our end-to-end encryption architecture. Your sensitive account data, such as the secret keys for your past uploads, is encrypted with a main data encryption key (DEK). This key, in turn, is encrypted with your password.

For us to verify your password during login without ever seeing it, we use a modern cryptographic protocol called OPAQUE.

Here's a simplified explanation of how it works:

  • When you log in, your browser and our server engage in a cryptographic handshake. Through a series of exchanges, our server can verify that you know the correct password without you ever sending the password to us.
  • Once the server confirms your password is correct, it sends your encrypted DEK to your browser.
  • Your browser, which is the only place that knows your actual password, can then decrypt this key.
  • With the decrypted DEK, your browser can finally access all your other encrypted account information, like your upload history.

Thanks to the OPAQUE protocol, your password never leaves your device in a readable form. We can authenticate you without ever having the ability to see your password or decrypt your personal data. This provides a much stronger level of security than traditional password systems.
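
The DEK wrapping and unwrapping steps described above, as an added example that is not this service's own code: the DEK is encrypted under a key derived from the password, and decryption fails cleanly when the password is wrong or the stored record was altered. The choice of scrypt and AES-256-GCM, the function names, and the use of Node's built-in crypto module instead of the browser's WebCrypto are assumptions of the example; the OPAQUE handshake itself is not shown.

```javascript
// Load Node's crypto module (works whether this file runs as CommonJS or ESM).
const nodeCrypto = typeof require === 'function'
  ? require('node:crypto')
  : process.getBuiltinModule('node:crypto');

// Derive a 256-bit key-encryption key (KEK) from the password.
// Assumption: scrypt with Node's default cost parameters.
function deriveKek(password, salt) {
  return nodeCrypto.scryptSync(password.normalize('NFKC'), salt, 32);
}

// Wrap (encrypt) the DEK under the password-derived KEK. Only the returned
// record would be stored server-side; the password and KEK stay on the client.
function wrapDek(dek, password) {
  const salt = nodeCrypto.randomBytes(16); // per-user KDF salt
  const iv = nodeCrypto.randomBytes(12);   // fresh GCM nonce for every wrap
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', deriveKek(password, salt), iv);
  const ct = Buffer.concat([cipher.update(dek), cipher.final()]);
  return { salt, iv, ct, tag: cipher.getAuthTag() };
}

// Unwrap (decrypt) the DEK. Returns null when the GCM tag does not verify,
// which is what a wrong password or a tampered record looks like.
function unwrapDek(record, password) {
  const kek = deriveKek(password, record.salt);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', kek, record.iv);
  decipher.setAuthTag(record.tag);
  try {
    return Buffer.concat([decipher.update(record.ct), decipher.final()]);
  } catch {
    return null;
  }
}

// Constructed demo values: a random DEK and two sample passwords.
function demo() {
  const dek = nodeCrypto.randomBytes(32);
  const record = wrapDek(dek, 'correct horse battery staple');
  const ok = unwrapDek(record, 'correct horse battery staple');
  const bad = unwrapDek(record, 'wrong password');
  return { roundTrip: ok !== null && ok.equals(dek), wrongRejected: bad === null };
}
```

Because AES-GCM is authenticated, the client detects a modified record instead of silently producing a wrong DEK.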