gmaddry Posted February 14, 2017 Report Share Posted February 14, 2017 I would like to suggest having separate encryption for cloud syncing . This would enable have a really long password for the cloud. I use a non trivial password, but it is not nearly as secure as a random 30 character mixed case and symbols would be. mSecure currently has this feature but is dropping cloud sync with its next release. I don't know how difficult this would be to implement but since you already use a separate file for sync I hope it would be easy enough to add to your road map. It would give me a better sense of security knowing my cloud file had a very secure password. Link to comment Share on other sites More sharing options...
Anshu kumar Posted February 15, 2017 Report Share Posted February 15, 2017 Hi @gmaddry, Thanks for writing-in. Technically this is not possible with Enpass. We use SQLCipher for data encryption which does the 100% encryption of data file using the master password, so if we use a random password for encrypting that file, the same password would be required while restoring that file on another device. Any convenience to achieve this target would definitely require to save that password somewhere, leading to security hole. Cheers! Link to comment Share on other sites More sharing options...
gmaddry Posted February 17, 2017 Author Report Share Posted February 17, 2017 Thanks for the reply. The cloud password would be stored in the local database encrypted by the master password. Isn't there a separate database called dropbox.db? And isn't that the one synced to dropbox. Even with the above I am not disputing that a separate password is not possible. Link to comment Share on other sites More sharing options...
Hemant Kumar Posted April 26, 2017 Report Share Posted April 26, 2017 Hi @gmaddry, That means the file on cloud would be encrypted with a stronger password which user won't be able to restore on another device without providing that stronger (probably unknown, if auto generated), and this whole scenario would be very confusing for some users. The best and most secure way out is to use a strong master password. Cheers! 1 Link to comment Share on other sites More sharing options...
Recommended Posts