How safe are the encryption keys in version 9?
Posted: Thu Jan 28, 2021 11:25 pm
Hi Tobias,
First off, please ignore my email on the same topic as I was finally able to register to the forum, where the conversation may be helpful to more people.
At the time of Syncovery 7 or 8, on the old forum, I asked about the safety of encryption passwords. Specifically, I asked whether we could have an option to have a master password for the program, and to keep all encryption passwords encrypted using the master password. If encryption keys can be found or easily reverse-engineered, that defeats the purpose of encryption.
At the time I seem to recall that you said you'd look into it for version 9 (to which I upgraded today).
In version 9, I see the option "Password Protection" under the file menu, with an option to "Protect Starting the Program". Does this option also encrypt the encryption keys?
At the moment, in the main INI file, I see some passwords in plain text, but since those are different from the buckets, I assume they're encrypted. If so, how? Could someone decrypt them? If so, is there a way to make them more secure?
Thanks in advance for your reply,
-sc
First off, please ignore my email on the same topic as I was finally able to register to the forum, where the conversation may be helpful to more people.
At the time of Syncovery 7 or 8, on the old forum, I asked about the safety of encryption passwords. Specifically, I asked whether we could have an option to have a master password for the program, and to keep all encryption passwords encrypted using the master password. If encryption keys can be found or easily reverse-engineered, that defeats the purpose of encryption.
At the time I seem to recall that you said you'd look into it for version 9 (to which I upgraded today).
In version 9, I see the option "Password Protection" under the file menu, with an option to "Protect Starting the Program". Does this option also encrypt the encryption keys?
At the moment, in the main INI file, I see some passwords in plain text, but since those are different from the buckets, I assume they're encrypted. If so, how? Could someone decrypt them? If so, is there a way to make them more secure?
Thanks in advance for your reply,
-sc