11 points

How do you imagine a recovery email to work, if the provider doesn’t store it, and you lost access to your email by definition in the moment you need it? Recovery email is not needed, you can totally use your account without one, and Proton doesn’t ask for it. It’s a feature where you obviously are disclosing that piece of information and linking two accounts. It’s either that or not using that feature.

2 points

It would be cool if they stored a hash of the recovery email, then you type it out during the recovery process and they can send it if the hash matches what they got.

4 points

Sure, but that’s essentially a weaker recovery password (which also is an option in Proton).

Also that poses quite some challenges for email verification (say, you make a typo when you first write your address), let alone the fact that you won’t see what emails you have configured essentially, which is also bad UX.

I think it’s much simpler to have recovery email as it is and, if one doesn’t want to associate a Proton account with any other account, offer other recovery methods, which are available (phrase and phone number).

2 points

I disagree it would be the same as a password. They do use only the hash to validate the entry, that is the same. But then they send recovery to the email instead of proceeding in place. An attacker would have to both know the email and be able to access its inbox. (Or, less likely, generate a hash collision with an address they do control.)

I think they could do verification if they kept the plaintext address just long enough to send something out.

The UX of only being able to show hashes would be pretty unfortunate, sure. Maybe that’s a potential compromise if they kept just a first letter, like x***@example.com? Same number of stars in the interface regardless of the real length of the email, to attempt to leak less info.

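The scheme discussed in this thread (store only a hash of the recovery address, verify the address at enrollment while the plaintext is still in hand, let the user retype it at recovery time, send the token only on a match, and show a fixed-width masked hint) sketched as an added Python example. This is not Proton's code or a description of how Proton actually stores recovery data; the `RecoveryStore` class, the `send` callback and the `PEPPER` value are assumptions made for the demo. One defender's caveat the example bakes in: e-mail addresses are low-entropy, so a bare unsalted hash is guessable offline from a leaked database; the hash here is keyed with a server-side secret and stretched with scrypt so a leaked record alone does not reveal the address.

```python
import hashlib
import hmac
import secrets
from typing import Callable, Dict, Optional, Tuple

# Constructed server-side secret for the demo. In a real deployment this
# would live in a secret store or HSM, never next to the hashed records.
PEPPER = b"constructed-demo-pepper-not-for-production"


def normalize_email(addr: str) -> str:
    """Trim and lower-case so 'Alice@Example.com ' and 'alice@example.com' hash identically."""
    return addr.strip().lower()


def hash_recovery_email(addr: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest) for a recovery address.

    The address is first keyed with PEPPER (HMAC-SHA256) and then stretched
    with scrypt, because addresses are guessable and a plain hash could be
    brute-forced offline from a leaked table.
    """
    salt = salt or secrets.token_bytes(16)
    keyed = hmac.new(PEPPER, normalize_email(addr).encode(), hashlib.sha256).digest()
    digest = hashlib.scrypt(keyed, salt=salt, n=2 ** 14, r=8, p=1, dklen=32)
    return salt, digest


def matches(addr: str, salt: bytes, digest: bytes) -> bool:
    """Constant-time comparison of a retyped address against the stored digest."""
    _, candidate = hash_recovery_email(addr, salt)
    return hmac.compare_digest(candidate, digest)


def mask_email(addr: str) -> str:
    """Fixed-width hint: first letter of the local part, three stars, the domain."""
    local, _, domain = normalize_email(addr).partition("@")
    return f"{local[:1]}***@{domain}"


class RecoveryStore:
    """Hypothetical store that never persists the plaintext recovery address."""

    def __init__(self) -> None:
        self._records: Dict[str, Tuple[bytes, bytes, str]] = {}

    def enroll(self, user: str, addr: str, send: Callable[[str, str], None]) -> None:
        # Verification happens while the plaintext is still in hand; only the
        # salt, digest and masked hint are written.
        send(normalize_email(addr), "constructed-verification-link")
        salt, digest = hash_recovery_email(addr)
        self._records[user] = (salt, digest, mask_email(addr))

    def hint(self, user: str) -> str:
        return self._records[user][2]

    def begin_recovery(self, user: str, typed_addr: str, send: Callable[[str, str], None]) -> bool:
        """Send a recovery token only if the retyped address matches the stored digest."""
        salt, digest, _ = self._records[user]
        if not matches(typed_addr, salt, digest):
            return False
        send(normalize_email(typed_addr), f"recovery-token-{secrets.token_urlsafe(8)}")
        return True
```

Because the match check only gates the sending of a token, a guessed address still has to be an inbox the requester can read, which is the property the thread contrasts with a recovery password. Rate limiting the `begin_recovery` endpoint is still needed, since each attempt is an online guess against a low-entropy secret.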

Technology

!technology@lemmy.world
