
encrypt all passwords stored in usersettings

Open garfield69 opened this issue 7 years ago • 4 comments

Encrypt the passwords for the torrent clients (and any other services) stored in the user settings so that the backup does not provide exposure.

garfield69 avatar Mar 14 '17 21:03 garfield69

While I do agree this is needed, we need to thoroughly think this through.

  • are we going to store everything in localstorage encrypted already?
  • if so, how do we unlock it? how often? that could be annoying
  • alternatively, we could just prompt the user for a password for the backups / restore
  • need to handle backups that are not encrypted yet
  • does chrome provide us with anything useful?

SchizoDuckie avatar Mar 14 '17 21:03 SchizoDuckie

agreed. I raised this in particular with the view to reducing exposure to users that upload a copy of the backup to the cloud for us to use when working on ticket problems.

garfield69 avatar Mar 14 '17 21:03 garfield69

I would advise them to upload to a github issue and remove it upon download instead of 'the cloud'. this way we have control as soon as we see it.

SchizoDuckie avatar Mar 14 '17 21:03 SchizoDuckie

My preliminary basic research and thoughts on the encryption topic.

Firstly, the Chrome JavaScript Stable API list https://developer.chrome.com/extensions/api_index does not yet contain any encryption services that I could find.
But I was thinking we could use CryptoJS https://code.google.com/archive/p/crypto-js/ , which I have used before when providing the ExtraTorrent search engine decryption.

Secondly, I am not in favour of encrypting the whole of the backup file, that is just too much hassle and I don't think it is really necessary.
But I am in favour of just encrypting the torrent client passwords, and any other passwords we are saving in userPreferences.

To maintain backward compatibility, I thought to keep the current userPreference <client>.password keys, and create an additional key, for instance <client>.encrypted.

Whenever we want to use the passwords, we first check if <client>.encrypted is loaded, and decrypt and use that.
If <client>.encrypted is not loaded, we fall back to <client>.password, which if loaded, we encrypt and save to <client>.encrypted and then we set <client>.password to null.

This should allow us to import old backups.

I thought to just use one of the simpler encryption schemes, such as AES-256, with a hardcoded passphrase.

garfield69 avatar Mar 16 '17 02:03 garfield69
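
The read-and-migrate path described in the comment above, as an added example that is not part of the original thread or DuckieTV's code. It assumes the WebCrypto API and, instead of a hardcoded passphrase, a passphrase the user enters at backup/restore time (the option raised earlier in the thread), because a passphrase shipped in the extension source can be read by anyone holding a backup. The function names, the plain settings object, the `salt.iv.ciphertext` layout and the PBKDF2 iteration count are assumptions.

```javascript
// Added example; only "<client>.password" and "<client>.encrypted" come from the thread.
const wc = globalThis.crypto ?? require("node:crypto").webcrypto; // browser or Node WebCrypto
const enc = new TextEncoder(), dec = new TextDecoder();
const b64 = (u8) => btoa(String.fromCharCode(...u8));
const unb64 = (s) => Uint8Array.from(atob(s), (c) => c.charCodeAt(0));
const PBKDF2_ITERATIONS = 600000; // assumption: tune to the target hardware

// Derive an AES-256-GCM key from the passphrase the user types in.
async function deriveKey(passphrase, salt) {
  const base = await wc.subtle.importKey(
    "raw", enc.encode(passphrase), "PBKDF2", false, ["deriveKey"]);
  return wc.subtle.deriveKey(
    { name: "PBKDF2", hash: "SHA-256", salt, iterations: PBKDF2_ITERATIONS },
    base, { name: "AES-GCM", length: 256 }, false, ["encrypt", "decrypt"]);
}

// Fresh salt and IV per value; stored as base64 "salt.iv.ciphertext".
async function encryptPassword(plain, passphrase) {
  const salt = wc.getRandomValues(new Uint8Array(16));
  const iv = wc.getRandomValues(new Uint8Array(12));
  const key = await deriveKey(passphrase, salt);
  const ct = await wc.subtle.encrypt({ name: "AES-GCM", iv }, key, enc.encode(plain));
  return [salt, iv, new Uint8Array(ct)].map(b64).join(".");
}

// Rejects (GCM tag mismatch) on a wrong passphrase or a tampered blob.
async function decryptPassword(blob, passphrase) {
  const [salt, iv, ct] = blob.split(".").map(unb64);
  const key = await deriveKey(passphrase, salt);
  return dec.decode(await wc.subtle.decrypt({ name: "AES-GCM", iv }, key, ct));
}

// Prefer <client>.encrypted; otherwise migrate <client>.password and null it.
async function getClientPassword(settings, client, passphrase) {
  const encKey = `${client}.encrypted`, oldKey = `${client}.password`;
  if (settings[encKey]) return decryptPassword(settings[encKey], passphrase);
  const legacy = settings[oldKey];
  if (legacy == null || legacy === "") return null; // nothing stored for this client
  settings[encKey] = await encryptPassword(legacy, passphrase);
  settings[oldKey] = null; // old backups still import; new backups carry no plaintext
  return legacy;
}
```
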