I'm new to Syncovery, and loving the software so far.
I didn't find a lot of documentation about what the File / Password Protection menus actually do, so I'd like to ask specifically about some safety features that matter to me.
Encrypting Important Keys
A number of keys are really important. For instance, if someone can get AWS access keys just by parsing the program's config files, that would be a problem. Some programs offer to encrypt several important keys with a user password:
1. Access keys, Secret Keys
2. Keys for file encryption
3. Keys for filename encryption
@Tobias, in a pre-sale email, you already told me that point 1 is not fully implemented at the moment.
What about points 2 and 3 -- is that part of what File / Password Protection does?
If not, please allow me to request a feature to encrypt those sensitive keys. I am sure a lot of people will appreciate that additional safety.
Also, would greatly appreciate some explanation of the existing Password Protection feature: what exactly is encrypted, and how safe is that encryption (e.g. AES 256)?
If the information is already available elsewhere, sorry for asking, I could not find it.
Big Thanks!!!
[REQ] How Safe are our Access and Encryption Keys?
Moderator: BackupCreations Administrators
4 posts • Page 1 of 1
[REQ] How Safe are our Access and Encryption Keys?
by crash on Tue Nov 21, 2017 10:55 pm
- Attachments
-
- Passwords for Encryption.jpg (58.46 KiB) Viewed 1652 times
- crash
- Posts: 15
- Joined: Sat Nov 18, 2017 10:32 am
Re: [REQ] How Safe are our Access and Encryption Keys?
by superflexible on Wed Nov 22, 2017 4:46 pm
The password protection only prevents people from using the Syncovery GUI. It does not encrypt anything.
The Syncovery.ini file can be copied to other computers including the keys, so it is not very safe. You must prevent unauthorized access to the ini file.
I will try to find a better solution in a future update.
The Syncovery.ini file can be copied to other computers including the keys, so it is not very safe. You must prevent unauthorized access to the ini file.
I will try to find a better solution in a future update.
-
superflexible - Site Admin
- Posts: 2478
- Joined: Thu Dec 31, 2009 3:08 pm
Re: [REQ] How Safe are our Access and Encryption Keys?
by crash on Wed Nov 22, 2017 8:26 pm
I will try to find a better solution in a future update.
Thank you, that would be terrific.
Maybe a password to decrypt a file where the keys are kept? Access keys, secret keys, encryption keys.
That way even if someone can open Syncovery, without entering the password for the keys, no upload / download / encryption / decryption can take place.
On a related topic, I have seen it suggested that the passwords for content encryption and for file name encryption should not be the same. I am not an encryption specialist so I have no opinion on this topic. Would you be willing to share your thoughts on this question?
Here is a screenshot from a different program complaining when the file name encryption and content encryption passwords are the same.
- Backup-Passwords.jpg (68.99 KiB) Viewed 1650 times
- crash
- Posts: 15
- Joined: Sat Nov 18, 2017 10:32 am
Re: [REQ] How Safe are our Access and Encryption Keys?
by superflexible on Thu Nov 30, 2017 4:40 am
Hello,
that is certainly good advice, I will provide the option to have two separate passwords ASAP.
that is certainly good advice, I will provide the option to have two separate passwords ASAP.
-
superflexible - Site Admin
- Posts: 2478
- Joined: Thu Dec 31, 2009 3:08 pm
4 posts • Page 1 of 1