How safe are the encryption keys in version 9?

[synchronicity]

Hi Tobias,

First off, please ignore my email on the same topic as I was finally able to register to the forum, where the conversation may be helpful to more people.

At the time of Syncovery 7 or 8, on the old forum, I asked about the safety of encryption passwords. Specifically, I asked whether we could have an option to have a master password for the program, and to keep all encryption passwords encrypted using the master password. If encryption keys can be found or easily reverse-engineered, that defeats the purpose of encryption.

At the time I seem to recall that you said you'd look into it for version 9 (to which I upgraded today).

In version 9, I see the option "Password Protection" under the file menu, with an option to "Protect Starting the Program". Does this option also encrypt the encryption keys?

At the moment, in the main INI file, I see some passwords in plain text, but since those are different from the buckets, I assume they're encrypted. If so, how? Could someone decrypt them? If so, is there a way to make them more secure?

Thanks in advance for your reply,

-sc

[tobias]

Hello,
thanks for the reminder! Unfortunately, nothing has changed in this area in recent years. I hope to implement config file security soon. As it is now, the Syncovery.ini file has to be considered confidential, because password encryption is weak.

[synchronicity]

Thank you for replying, Tobias.
What does the File / Password Protection option do exactly? Does it encrypt the keys present in the ini file?
Thanks in advance for any insights.
Also, looking forward to any enhancements in this area.

[tobias]

Hi,
it currently only restricts usage of the program, but it's not related to protecting the config file. I will work on this ASAP.

[tiagocoelho2]

This would be very relevant to the security of syncovery.

[tobias]

Thanks, I will work on this next week.

[Contractor5Prepays9]

tobias, hello, was browsing the forum,
any update on the encryption, this topic?
I had also inquired about this, couple years ago
thanks
nick

[tobias]

Hello,
it has been delayed a bit due to other requests and issues, but I have definitely scheduled it for Syncovery 9.40 which should happen this summer.

I have already designed the GUI where the user chooses the desired encryption level. There will be different choices such as: encrypt passwords only, encrypt all settings etc.

[synchronicity]

Hello,
it has been delayed a bit due to other requests and issues, but I have definitely scheduled it for Syncovery 9.40 which should happen this summer.

I have already designed the GUI where the user chooses the desired encryption level. There will be different choices such as: encrypt passwords only, encrypt all settings etc.

That sounds promising. Looking forward to the new version. Thank you, Tobias.

[Contractor5Prepays9]

any progress on the password protection?
thanks
nick