How safe are the encryption keys in version 9?

English Support for Syncovery on Windows.
synchronicity
Posts: 3
Joined: Thu Jan 28, 2021 11:17 pm

How safe are the encryption keys in version 9?

Post by synchronicity »

Hi Tobias,

First off, please ignore my email on the same topic as I was finally able to register to the forum, where the conversation may be helpful to more people.

At the time of Syncovery 7 or 8, on the old forum, I asked about the safety of encryption passwords. Specifically, I asked whether we could have an option to have a master password for the program, and to keep all encryption passwords encrypted using the master password. If encryption keys can be found or easily reverse-engineered, that defeats the purpose of encryption.

At the time I seem to recall that you said you'd look into it for version 9 (to which I upgraded today).

In version 9, I see the option "Password Protection" under the file menu, with an option to "Protect Starting the Program". Does this option also encrypt the encryption keys?

At the moment, in the main INI file, I see some passwords in plain text, but since those are different from the buckets, I assume they're encrypted. If so, how? Could someone decrypt them? If so, is there a way to make them more secure?

Thanks in advance for your reply,

-sc

tobias
Posts: 1603
Joined: Tue Mar 31, 2020 7:37 pm

Re: How safe are the encryption keys in version 9?

Post by tobias »

Hello,
thanks for the reminder! Unfortunately, nothing has changed in this area in recent years. I hope to implement config file security soon. As it is now, the Syncovery.ini file has to be considered confidential, because password encryption is weak.

synchronicity
Posts: 3
Joined: Thu Jan 28, 2021 11:17 pm

Re: How safe are the encryption keys in version 9?

Post by synchronicity »

Thank you for replying, Tobias.
What does the File / Password Protection option do exactly? Does it encrypt the keys present in the ini file?
Thanks in advance for any insights.
Also, looking forward to any enhancements in this area.

tobias
Posts: 1603
Joined: Tue Mar 31, 2020 7:37 pm

Re: How safe are the encryption keys in version 9?

Post by tobias »

Hi,
it currently only restricts usage of the program, but it's not related to protecting the config file. I will work on this ASAP.

tiagocoelho2
Posts: 37
Joined: Sun Jul 19, 2020 10:25 am

Re: How safe are the encryption keys in version 9?

Post by tiagocoelho2 »

This would be very relevant to the security of syncovery.

tobias
Posts: 1603
Joined: Tue Mar 31, 2020 7:37 pm

Re: How safe are the encryption keys in version 9?

Post by tobias »

Thanks, I will work on this next week.

Contractor5Prepays9
Posts: 76
Joined: Wed Sep 23, 2020 10:38 pm

Re: How safe are the encryption keys in version 9?

Post by Contractor5Prepays9 »

tobias, hello, was browsing the forum,
any update on the encryption, this topic?
I had also inquired about this, couple years ago
thanks
nick

tobias
Posts: 1603
Joined: Tue Mar 31, 2020 7:37 pm

Re: How safe are the encryption keys in version 9?

Post by tobias »

Hello,
it has been delayed a bit due to other requests and issues, but I have definitely scheduled it for Syncovery 9.40 which should happen this summer.

I have already designed the GUI where the user chooses the desired encryption level. There will be different choices such as: encrypt passwords only, encrypt all settings etc.

synchronicity
Posts: 3
Joined: Thu Jan 28, 2021 11:17 pm

Re: How safe are the encryption keys in version 9?

Post by synchronicity »

tobias wrote:
Wed Jun 16, 2021 9:56 pm
Hello,
it has been delayed a bit due to other requests and issues, but I have definitely scheduled it for Syncovery 9.40 which should happen this summer.

I have already designed the GUI where the user chooses the desired encryption level. There will be different choices such as: encrypt passwords only, encrypt all settings etc.
That sounds promising. Looking forward to the new version. Thank you, Tobias. :-)

Contractor5Prepays9
Posts: 76
Joined: Wed Sep 23, 2020 10:38 pm

Re: How safe are the encryption keys in version 9?

Post by Contractor5Prepays9 »

any progress on the password protection?
thanks
nick

Post Reply