We use Blockstack for authentication. It is made on Bitcoin blockchain to store your private key that will be used to encrypt all of your stuff.
Making the master key will be done just the first time, and after that, every file gets a new password from the master one.
No matter what, all the files will be encrypted, so you always have control over your data — something like ProtonMail but for Office.
Just providing a bit of background. The private key is _not_ stored on the blockchain; only the hash of the public key is. And even then, there are a couple of layers of indirection between the Bitcoin transaction itself and the storage of your (app-specific) public key. Specifically, one Bitcoin transaction registers a batch of ~160 username/public-key-hash/profile-storage-URL bindings, and from there, the profile storage URL resolves to the user's list of application-specific public keys and application-specific storage URLs.
Pertaining to questions of scalability in other threads, 160 usernames/transaction, when operated at 8 250-byte transactions/block (about 3.4% of Bitcoin's capacity), works out to ~184,000 user registrations/day (about the same as Twitter). Moreover, usernames can be resolved to public keys and storage URLs while the underlying transaction is being confirmed, so users don't have to wait to start using applications. All other user state is stored off-chain in the user's chosen storage provider, managed by a Gaia hub (Gaia being Blockstack's storage system: https://github.com/blockstack/gaia).
With what key are you encrypting someone else's private key? And who holds this master key?
I would love it if you could link a technical deep dive into how Blockstack fundamentally works because I've gotten very few answers from both implementors and founders, and their existing documentation isn't at all helpful.
You (the user) hold the master key. It's generated for you when you sign up for a Blockstack ID. From there, the authenticator generates a per-ID, per-application key-pair via BIP32 -- each app key is a hardened child whose path is generated from the key that owns the ID on-chain and the hash of the application's DNS origin.
Authentication happens completely client-side. The Blockstack authenticator registers itself as a protocol handler for the "blockstack:" protocol, such that when you click a sign-in button, you will be redirected to your locally-running authenticator (or to a hosted version of the same, if you don't have the authenticator installed). The authenticator stores your master key, and will derive the ID- and application-specific key-pair for you when you select the ID to sign in as.
Once you sign in, the authenticator redirects you back to the application. The authenticator passes the app the Blockstack ID and application-specific private key via the URL string (encrypted with an ephemeral ECDSA key generated by the app on sign-in), and the blockstack.js library fetches and downloads the user's profile to learn the storage endpoint(s) as part of completing the sign-in. In so doing, the application learns the storage endpoint to which to GET and POST user data, and learns the key to use to sign/encrypt it and to authenticate to the user's preferred storage (access to which is mediated by a Gaia hub that the user selects when onboarding).
Agreed that a deep dive with protocol diagrams would be handy. We're working on it! :)
Each of your documents has a different key generated from your private key and are encrypted in your private hub with ECDSA encryption. So no server can compromise your data.
