In the “Import and Export” settings, the fork app recommends encrypting the user’s Syncthing configuration before exporting it to the backup path. I appreciate the option to backup my settings. This makes sense.
What doesn’t make sense - is that the export encryption password is stored in plain text in the app’s settings - and that the app opens on my device without any security hurdles.
Anyone else noticed this? Any suggested work-arounds?
I agree that the option to encrypt and backup the configuration is extremely valuable. It’s comforting to know that a bad actor can’t access the backup file store and ultimately access (or destroy) the synced data.
My comments were strictly related to having the encryption password in plain text inside the app’s settings. Would it be possible to hash the PW and/or store it in a asterisk ***** format? That way the user knows that there was a password used.
I have no data to support this, but I imagine that most syncthing users utilize a password manager application to store their secrets - so concerns about losing the future ability to decrypt and import the stored configuration shouldn’t pose a major problem.
I have no coding skills to assist with this. It’s not an urgent issue, and I am perfectly happy to wait as future improvements to Syncthing-Fork are rolled out.
Thanks for your great work on this project!
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.