Masking of Enpass App Folder & Enpass vault files stored in a cloud account

[Thoughts?]

Could Enpass consider modifying the names of the App folder and enpasssync and enpassattach files stored inside a user’s chosen cloud-stored folder?

Although the files are encrypted, if a user’s Google, OneDrive etc. cloud account was hacked, an Enpass app folder containing an Enpass vault and attachments, does make it a more obvious target for hackers, than if the folder and files were given more obscure names. Currently, the folder and file names make it obvious which app was used to create the files.

My suggestion is not about additional encryption, but purely a ‘masking’ of the folder and file names to better hide them, if a user’s cloud account was hacked.

Thank you.

[Gulshan Dogra]

Hi @Thoughts?,

Thank you for reaching out to us. 

12 hours ago, Thoughts? said:

Although the files are encrypted, if a user’s Google, OneDrive etc. cloud account was hacked, an Enpass app folder containing an Enpass vault and attachments, does make it a more obvious target for hackers, than if the folder and files were given more obscure names. Currently, the folder and file names make it obvious which app was used to create the files.

In a nutshell, your cloud works only as a storage medium and no cryptographic operation (encryption or decryption) is performed there. All such operations are performed locally on your device (your data never leaves your device in an unencrypted format). Even if a hacker gets access of your Cloud credentials still he will be required to enter Enpass Master Password to decrypt that file.

12 hours ago, Thoughts? said:

My suggestion is not about additional encryption, but purely a ‘masking’ of the folder and file names to better hide them, if a user’s cloud account was hacked.

I have duly noted down your feedback and it has been forwarded to the concerned team for further consideration. We appreciate your patience in the meantime.

#SI-2451

[Thoughts?]

Hello Gulshan - Thank you for taking the time to reply. 

Just to clarify, I do understand the cloud is purely the storage medium and not involved in any encryption process, and why my suggestion was that the Enpass app folder, the vault and attachment files be randomly named, before being uploaded to the cloud. 

As you say, if a hacker gets access to the files, they would still require the master password. My thought is, if a hacker had no idea what the files were, in the first place, they are far more likely to be discarded or ignored. Currently, an Enpass app folder stands out, and its name tells the hacker the software used to create the files inside, making it more of a target.

Thanks for your time.

Edited November 20, 2021 by Thoughts?