Question:
since rclone does not save the encrypted config password
and is using NaCl - very secure method with one time nonce
and access is protected with htpasswd file with BCRYPT hashes
and gdrive: is crypt share
and transfer to client is over ssl
is it possible that VPS owner will see my files?
Even if he does a memory dump - NaCl is a very secure encryption method, and rclone does not save the password in memory, it would not be usable since the nonce is only one time in this secretbox.
Also Bcrypt with a strong password htpasswd is very secure.
What would the VPS owner have to do to crack into my files?
(let's skip the possibility where the VPS owner recompiles rclone and kills mine, replacing it with his doctored version)
If the VPS owner could use a memory dump then they could probably recover some unencrypted data (which will be in the memory transiently). rclone will store the key to the crypt in memory too (it needs to, to decrypt stuff), so they could potentially find that. rclone will also have the decrypted config file in memory (or at least the tokens).
So I think if the VPS provider can dump the memory of rclone they will be able to see your files. That wouldn't be particularly easy, but it would be possible.
I'm pretty sure there are plenty of ways for an attacking VPS owner to snoop on your tty (or whatever is used to enter the password). I remember even back in the 90s there were tools you could run on your server (albeit on the same non-virtualized OS) that would keylog the people logged in remotely.
Does Go allow the use of mprotect, mlock, madvise, PROT_NONE or some other memory protection functions?
Can rclone use that to forbid dumping memory, swap reading etc.?
I have a similar but slightly different question: what if the jobs in this cloud VM were executed with scheduling? Is there any way to protect passwords? Or anyone with access to the keyring would have access to the storages of origin and destination?
You'll always have to trust some machine. You can encrypt the credentials but then you need to supply a password. You could store the credentials on a trusted machine and use that machine to manage the sync running remotely I believe. I think I saw an issue similar to this from mholt.
Found what I was looking for but it isn't "quite" what you asked, but referencing it anyway as you get what I mean.
What would be nice is to run a daemon mode without credentials and use "rc" to remote execute by supplying the credentials. I know work was done on RC but I am not sure if this ever made it in or into an issue.
Maybe, like when someone types the password, keep the decrypted config in such a memory protected area.
If that's not happening already.
If currently, after entering the password, the decrypted config information is stored in some unprotected area, I propose to use that mechanism to store this temporarily decrypted config info from entering the password in a protected memory region.
But with such an option, for example
--keep-decrypted-password-time = 1s to MAX_TIME_USER_CHOOSE