I recently set up the End-to-End Encryption module on my instance. On first setup, the client desktop app generated a mnemonic secret consisting of 12 random words. I would rather supply my own mnemonic secret. Is this possible?
I’m a little sussed out by the code that generates the mnemonic:
I can’t even tell if it’s actually randomizing anything? PKCS5_PBKDF2_HMAC() is a hash function, right?
Seems weird to describe the E2EE functionality as “production-ready” when users are asked to just take the mnemonic the client randomly generates at face value… Letting the end user introduce their own randomness would eliminate a trust bottleneck, as right now the user simply has to trust that the RNG used here is secure.
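To illustrate the point raised above (this is an added example, not the Nextcloud client's code): PBKDF2 is a deterministic key-derivation function, so it only stretches whatever input it is given; all of the randomness must come from the step that picks the mnemonic words. The word list is a constructed toy list and the PBKDF2 parameters (SHA-256, salt, iteration count) are assumed, not taken from the client.

```python
import hashlib
import secrets

# Constructed toy word list; a real client would use a full wordlist
# (e.g. 2048 words). It only serves to show where randomness enters.
WORDLIST = ["apple", "brave", "cloud", "delta", "ember", "frost", "glide", "harbor",
            "ivory", "jolly", "karma", "lemon", "mango", "noble", "ocean", "pearl"]


def generate_mnemonic(n_words=12, wordlist=WORDLIST):
    """Pick words with the OS CSPRNG (secrets module).

    This selection is the ONLY place randomness is introduced; nothing
    downstream adds entropy. A user-supplied phrase would replace this step.
    """
    return " ".join(secrets.choice(wordlist) for _ in range(n_words))


def derive_key(mnemonic, salt=b"", iterations=100_000, dklen=32):
    """Derive a key from the mnemonic with PBKDF2-HMAC-SHA256 (assumed params).

    PBKDF2 is deterministic: the same mnemonic and salt always yield the same
    key. It slows brute force of a weak mnemonic, but cannot make a weak
    mnemonic strong, and it never "randomizes" anything.
    """
    return hashlib.pbkdf2_hmac("sha256", mnemonic.encode("utf-8"), salt, iterations, dklen)


def pbkdf2_is_deterministic(mnemonic):
    """Show that two derivations from the same mnemonic are identical."""
    return derive_key(mnemonic) == derive_key(mnemonic)


def mnemonic_entropy_bits(n_words=12, wordlist=WORDLIST):
    """Entropy of a randomly chosen mnemonic, in bits, given the list size.

    With this 16-word toy list, 12 words give only 48 bits; a 2048-word
    list gives 132 bits. The KDF does not change this number.
    """
    return n_words * len(wordlist).bit_length() - n_words  # log2 for power-of-two sizes


if __name__ == "__main__":
    m = generate_mnemonic()
    print(m)
    print(derive_key(m).hex())
    print("deterministic:", pbkdf2_is_deterministic(m))
    print("entropy bits:", mnemonic_entropy_bits())
```

Feeding a user-chosen phrase through `derive_key` works just as well mechanically; the trade-off is that the phrase's strength is then bounded by the user's choice rather than by the CSPRNG.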