Are backups encrypted? #602
-
Hi there, sorry if this isn't the right place to ask this - I couldn't find anywhere else. I have been using the automatic backup feature and I didn't know if it was safe to continue doing so if someone gained access to my Dropbox, for instance. I wanted to know if the "password protected backup" stores the authenticator secret in an encrypted manner? When I open the .json file it creates, I can see various things in plaintext, and I wasn't sure if any of this could be used to re-create the one-time passwords. I see there are two fields - 'hash' and 'secret'. Are these useless without the password? Thank you!
Replies: 3 comments 5 replies
-
Backups are encrypted by default, and you will see some red warning text if you disable it. To check this setting go to Storage & Backup -> Dropbox -> Encrypted; the dropdown should show Yes.

In terms of the backup format: the 'hash' field on individual accounts is actually a random UUID, and it is just used as an internal ID. The 'secret' field is encrypted with the value in 'key', which is encrypted by your actual password and hashed with argon2 (all encryption is done with AES-256). All other account metadata is unencrypted. The data that is not encrypted does not allow attackers to reconstruct OTPs, but it may give them your email or the website that the account is used on.
-
Thanks. I appreciate the explanation.

I don't know if this would be too complicated, but wouldn't it provide a little more security to just encrypt the entire thing? That way you don't give up usernames or even what websites you might have passwords to.

On Sun, Feb 28, 2021 at 10:26 PM mymindstorm ***@***.***> wrote:

Backups are encrypted by default, and you will see some red warning text if you disable it. To check this setting go to Storage & Backup -> Dropbox -> Encrypted dropdown should show Yes.

In terms of the backup format: the hash field on individual accounts is actually a random UUID, and it is just used as an internal ID. The secret field is encrypted with the value in key which is encrypted by your actual password and hashed with argon2 (all encryption is done with AES-256). All other account metadata is unencrypted.
-
I'm a bit confused. 😕 The project website states: "Encrypted backups not supported". What does this refer to, exactly? The restore process for backups from other apps? 🤔 Or does the website need to be updated?