Disaster Worst Case Recovery Scenario from an Untrusted Encrypted Backup Storage, even without Syncovery

General Discussion in English
rearward
Posts: 12
Joined: Mon May 23, 2022 12:53 pm

Disaster Worst Case Recovery Scenario from an Untrusted Encrypted Backup Storage, even without Syncovery

Post by rearward »

Files are backed-up to an untrusted storage by Syncovery with the following settings:
- Compress Each File Individually with .zip
- Encrypt Files Copied Left to Right AES256
- Encrypt File Names
- Encrypt Folder Names

Restoring files/folders to any destination with Syncovery:
- No problem.

Assume that you need to access some files from the aforementioned backup storage with a smart phone.
Thanks to the choice of standard zip file format by Syncovery, you can download any file and decrypt it on your phone.

The only problem is the encrypted folder and file names.

It would be great if there was a file on the untrusted storage that lists all the unencrypted folder/file names with the corresponding encrypted folder/file names.

After the job finishes, Syncovery could create this list file (in TSV, XML, etc), encrypt and copy with the prefixed folder and file name (for easy access) to the right.

tobias
Posts: 1603
Joined: Tue Mar 31, 2020 7:37 pm

Re: Disaster Worst Case Recovery Scenario from an Untrusted Encrypted Backup Storage, even without Syncovery

Post by tobias »

Hello,
thanks for the request, I will check what can be done!


IMTheNachoMan
Posts: 86
Joined: Sun Nov 20, 2022 5:11 am

Re: Disaster Worst Case Recovery Scenario from an Untrusted Encrypted Backup Storage, even without Syncovery

Post by IMTheNachoMan »

If you have a file with the unencrypted folder/file names, why even encrypt the file/folder names in the first place?

I think what might make the most sense is to encrypt this file using the same encryption as the other files but do not encrypt the name of this file. So the file could/would be something like file list.txt.zip or something. So you know what file to download and extract/decrypt to find the file you want.

rearward
Posts: 12
Joined: Mon May 23, 2022 12:53 pm

Re: Disaster Worst Case Recovery Scenario from an Untrusted Encrypted Backup Storage, even without Syncovery

Post by rearward »

IMTheNachoMan wrote:
Mon Nov 28, 2022 5:19 am
If you have a file with the unencrypted folder/file names, why even encrypt the file/folder names in the first place?
I do not have that file and do not know a way to create one.

If I had a list of unencrypted file names with corresponding encrypted file names, that would solve my problem. :)

IMTheNachoMan
Posts: 86
Joined: Sun Nov 20, 2022 5:11 am

Re: Disaster Worst Case Recovery Scenario from an Untrusted Encrypted Backup Storage, even without Syncovery

Post by IMTheNachoMan »

No, I mean, if you have a file on the untrusted storage with the encrypted and unencrypted file/folder mapping, why even encrypt the files/folders in the first place?

If someone gets access to your untrusted storage, they will see that file, and use it to know what your files/folders are.

Contractor5Prepays9
Posts: 76
Joined: Wed Sep 23, 2020 10:38 pm

Re: Disaster Worst Case Recovery Scenario from an Untrusted Encrypted Backup Storage, even without Syncovery

Post by Contractor5Prepays9 »

to nachoman
i used to do what you are doing.
i am a retired physician. i utilize (d) each and every security method, including the encrypted file names.

BUT, i started to think - I am not a nuclear missle designer; i have data that, while sensitive, is fairly well protected if i have a strong (30+ character) encryption password;
and, in file names, i made sure to NOT include full accont numbers or other identifying data; if it were financial, i'd include the last couple digits, just so i knew what account it was representing.

THAT way, for your scenario, i CoULD download the encrypted ZIPPED file, on the phone or other mobile device, and decrypt it with the password.

AND, I started to change passwords from cryptic characters to nonsensical phrases
BrandtWillOweMyWhaler, for example.
this way, if i had to TYPE the password, it was easier to type words instead of oddball characters.

anyway, just some obxervations from a long time syncovery user, who has gone through tons of security considerations (bitlocker, truecrypt, Veracrypt, syncovery)
nick

IMTheNachoMan
Posts: 86
Joined: Sun Nov 20, 2022 5:11 am

Re: Disaster Worst Case Recovery Scenario from an Untrusted Encrypted Backup Storage, even without Syncovery

Post by IMTheNachoMan »

No, I am sorry, I am not explaining properly.

I am not doing anything.

I am simply trying to understand, why would you bother encrypting the file names if you have a text file with the details.

If a bad guy gets in to your data, they will see that text file and they will know what files you have. Or am I misunderstanding?

Contractor5Prepays9
Posts: 76
Joined: Wed Sep 23, 2020 10:38 pm

Re: Disaster Worst Case Recovery Scenario from an Untrusted Encrypted Backup Storage, even without Syncovery

Post by Contractor5Prepays9 »

somewhat correct.
if thieves got my onedrive files, for example, they might see the file names ,but can 't see the contents.
BUT, for safety, i make sure in my file NAMES that i don't include sensitive data such as an account number.
example
statement monthly
Citi-23-20221215.pdf
the statement for a citibank statement of card ending in ...23

i USED to have full numbers in there, but i changed that years ago.
so, they might see last two numbers, but can't see inside the file, etc

same for medical records, insurance policies, etc.
some reasonable attention to security when CREATING the file name can protect what it is.

and if a thief got your files, it would be hard to figure out the important details inside, as they can't (probably can't, unless they are the NSA), decript the files

and THAT means that they had to get through the encryption of Onedrive, or breach their servers,etc

it comes down to how much time you want to spend (and believe me, i've spent TOO MUCH time over my life on implementing all steps to protect this stuff) on doing this. Or do you implement a reasonable system of security, use long passwords, don't leave computers lying around, make sure laptops are encrypoted (ewven desktop units), and still do back ups with encryption on the uploads.

and by big german shepherd dogs for your house :-)

rearward
Posts: 12
Joined: Mon May 23, 2022 12:53 pm

Re: Disaster Worst Case Recovery Scenario from an Untrusted Encrypted Backup Storage, even without Syncovery

Post by rearward »

IMTheNachoMan wrote:
Sat Dec 10, 2022 8:02 pm
No, I am sorry, I am not explaining properly.

I am not doing anything.

I am simply trying to understand, why would you bother encrypting the file names if you have a text file with the details.

If a bad guy gets in to your data, they will see that text file and they will know what files you have. Or am I misunderstanding?
Worst Case Scenario:

You are in another country, far far away from you home/office.
You have your laptop and phone with you.
You have synced your files to an untrusted SFTP file server in the cloud. All the files and file/folder names are encrypted.

Your laptop has crashed. It does not even boot up. No way to recover. Hardware failure.

You can access your encrypted files in the cloud with your phone.
You have the password but you don't know which file is which. All the file/folder names are encrypted.
There is no Syncovery App for your phone.

Best Solution: Syncovery iOS/Anroid App
Availability: A Few Months/Years or never


Fastest Solution:

Put an encrypted .TSV file on untrusted cloud server which is just a list of unencrypted file names and their encrypted counterparts.
Put this file in a specific folder with a known file name.

When needed, download this file to your phone.
Decrypted it with known password.
Find the encrypted folder and file name of the file you need within the .TSV file.
Download it and decrypt it.

Post Reply