How safe are the encryption keys in version 9?

English Support for Syncovery on Windows.
Post Reply
synchronicity
Posts: 2
Joined: Thu Jan 28, 2021 11:17 pm

How safe are the encryption keys in version 9?

Post by synchronicity »

Hi Tobias,

First off, please ignore my email on the same topic as I was finally able to register to the forum, where the conversation may be helpful to more people.

At the time of Syncovery 7 or 8, on the old forum, I asked about the safety of encryption passwords. Specifically, I asked whether we could have an option to have a master password for the program, and to keep all encryption passwords encrypted using the master password. If encryption keys can be found or easily reverse-engineered, that defeats the purpose of encryption.

At the time I seem to recall that you said you'd look into it for version 9 (to which I upgraded today).

In version 9, I see the option "Password Protection" under the file menu, with an option to "Protect Starting the Program". Does this option also encrypt the encryption keys?

At the moment, in the main INI file, I see some passwords in plain text, but since those are different from the buckets, I assume they're encrypted. If so, how? Could someone decrypt them? If so, is there a way to make them more secure?

Thanks in advance for your reply,

-sc

tobias
Posts: 482
Joined: Tue Mar 31, 2020 7:37 pm

Re: How safe are the encryption keys in version 9?

Post by tobias »

Hello,
thanks for the reminder! Unfortunately, nothing has changed in this area in recent years. I hope to implement config file security soon. As it is now, the Syncovery.ini file has to be considered confidential, because password encryption is weak.

synchronicity
Posts: 2
Joined: Thu Jan 28, 2021 11:17 pm

Re: How safe are the encryption keys in version 9?

Post by synchronicity »

Thank you for replying, Tobias.
What does the File / Password Protection option do exactly? Does it encrypt the keys present in the ini file?
Thanks in advance for any insights.
Also, looking forward to any enhancements in this area.

tobias
Posts: 482
Joined: Tue Mar 31, 2020 7:37 pm

Re: How safe are the encryption keys in version 9?

Post by tobias »

Hi,
it currently only restricts usage of the program, but it's not related to protecting the config file. I will work on this ASAP.

tiagocoelho2
Posts: 16
Joined: Sun Jul 19, 2020 10:25 am

Re: How safe are the encryption keys in version 9?

Post by tiagocoelho2 »

This would be very relevant to the security of syncovery.

tobias
Posts: 482
Joined: Tue Mar 31, 2020 7:37 pm

Re: How safe are the encryption keys in version 9?

Post by tobias »

Thanks, I will work on this next week.

Post Reply