Password field in rclone config changed using the same password

What is the problem you are having with rclone?

Hi just started using rclone. I configured GDrive as backend, and configured a subfolder with the crypt module. Soon after, I did the same on another PC, using the same exact passphrase. A proof to this, is that I can see from the new PC all the files I uploaded from the first one. When I went to the configuration file, however, the password = ... field under [crypt_drive] (that's the name I used for the encrypted folder) was different for the two PCs. So, I tried editing the configuration on both PC using rclone config, then e option, select crypt_drive, etcera.. I left all values to the default (n, for unchanged) but the password one. Here I inserted the same password again, saved the configuration and exit rclone config. Then went back to see the password = ... field in the .config/rclone/rclone.conf file and it was changed again, on both machines, to values different from the before ones. But still, on both machine can see the uploaded files.. How is this even possible? Shouldn't that field just be a password hash? How can it give access to all files if it is not the same?

What is your rclone version (output from rclone version)

rclone v1.53.0
- os/arch: linux/amd64
- go version: go1.15.1

Which OS you are using and how many bits (eg Windows 7, 64 bit)


Which cloud storage system are you using? (eg Google Drive)

Google Drive

This is expected

The obscured password is an encrypted version of the password.

Rclone needs the full password to give to the storage provider.

The encryption used has a random initialisation vector which means it is different each time

The encryption isn't designed to be secure, it is designed to prevent "eyedropping"

If you want security then use config file encryption.

Thanks for the fast reply.
If I use config file encryption, wouldn't it increase security only on my PC? I mean, it should have nothing to do with the storage provider, right?
Also, with

Rclone needs the full password to give to the storage provider.

Do you mean that the full password is passed to GDrive or what?
Thanks again

Only on your PC, yes. It protects if the config files is stolen for example.

Gdrive is a bad example bad it doesn't use passwords it uses tokens via oauth.

However if you had an FTP remote then it would need the full password to pass to the server.

Well, that is just to access GDrive. What I was referring to is the crypt subfolder. That one is decrypted locally, I guess (and hope)..

Yes, you are right, the password for the crypt remote is decrypted and used locally only.

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.