Rclone 1.53.3 release

Rclone 1.53.3 has been released. Find it here https://rclone.org/downloads/

This is a security fix release to fix CVE-2020-28924.

Some passwords generated with rclone config may be insecure. In particular if you used the 'g' generate option with rclone v1.49 - v1.53.2 then your password will based on the second it was generated in. This means that there are fixed number of passwords in that period ~33 million.

• See issue #4783 for more details
• See the checking tool which can check config file for insecure passwords
• This was caused by a bit of careless refactoring by me - many apologies

FAQ for security issue

Am I affected?

If you have used rclone config to generate a password for you feature then you might be. Run the the checking tool to find out for sure

I've got an affected password - do I need to change it?

I recommend you change it, especially if it is for access to a remote service (eg FTP server).

What about crypt backends

I imagine most of these passwords are used in crypt backends.

For it to cause your private data to become public, firstly the encrypted data needs to become public, then the attacker would need to decode your encrypted data by guessing passwords.

If the attacker has no knowledge of when you made your key then there are about 33 million possible passwords. Because of the use of scrypt in rclone it takes about 50mS to check a key on my laptop. So to search the whole space would take about 19 CPU days which is a lot but well within reach of a determined attacker.

How do I change my crypt password

Unfortunately you will have to download and upload the data. The procedure would be:

• create a new crypt wrapping a new directory on the existing remote
• rclone copy or rclone move from old to new

v1.53.3 - 2020-11-19

See commits

• Bug Fixes
  • random: Fix incorrect use of math/rand instead of crypto/rand CVE-2020-28924 (Nick Craig-Wood)
    • Passwords you have generated with rclone config may be insecure
  • random: Seed math/rand in one place with crypto strong seed (Nick Craig-Wood)
• VFS
  • Fix vfs/refresh calls with fs= parameter (Nick Craig-Wood)
• Sharefile
  • Fix backend due to API swapping integers for strings (Nick Craig-Wood)

Seems the cloud is going to have some rainy days with everyone reuploading all their crypted data lol

hi, thanks for taking this seriously.

i am very confused about the output

i ran the check on two .config files.

• a password protected rclone.conf files, and the check less then one second
• plain text .conf files and the check took 50s
  each command had very different output

here is the output of both

passwordcheck c:\data\rclone\scripts\rclone.conf 
*** No insecure passwords found

passwordcheck c:\data\rclone\scripts\rclone.plaintext.conf 
2020/11/19 13:55:11 Looking through 39102911 seeds from seed 1566691200 generated at 2019-08-24 20:00:00 to seed 1605794111 generated at 2020-11-19 08:55:11 for 2 passwords of length 120 bits
2020/11/19 13:56:02 That took 51.235033s for 763206.515354 seeds/s
*** No insecure passwords found

Oh, yes, you'll have to decrypt the config. I should write that in the help I think.

please, i think the tool needs to be fixed, changing the documentation is not enough in this case.

• have the tool check for a password protected .conf file and complain
• add a flag to supply a password to allow the tool to decrypt the .conf file and then check

otherwise, the tool gives a false negative.
many users will think that their passwords are secure.

I've uploaded v1.0.1 of the tool which

• checks if the config file is encrypted and complains
• checks if no passwords were found and complains

Let me know if you find anything else which needs changing

both checks work.

*** No insecure passwords found
thanks for this tool and the security fix and of course taking this seriously.

@ncw thanks for patching rclone so quickly and making it easy to check. Thankfully I'm in the clear as downloading and uploading would have been a very arduous task for me.

The check only took 13.4s for me It used up 100% of my CPU so it'd be worth letting people know not to do it at an important time, as my work Teams call went bonkers for a few seconds!

root@Highlander:/mnt/user/public/passwordcheck# ./passwordcheck /boot/config/plugins/rclone/.rclone.conf
2020/11/20 15:19:04 Looking through 39194344 seeds from seed 1566691200 generated at 2019-08-25 01:00:00 to seed 1605885544 generated at 2020-11-20 15:19:04 for 18 passwords of length 304 bits
2020/11/20 15:19:17 That took 13.41996419s for 2920599.745654 seeds/s


*** No insecure passwords found

Great

Yes it is quite CPU intensive. I have probably the most complicated rclone.conf in existence and it took about 15 minutes to check my config file.

2020/11/20 15:19:17 That took 13.41996419s for 2920599.745654 seeds/s

That is about 10x quicker than my laptop though! What kind of rocket is that?

unRAID based Threadripper 2950X

@ncw Does the passwordcheck also work if it's a rclone generated password + rclone generated salt?

@ncw Could you update the Docker image to rclone 1.53.3? Thank you!

It does check them both, but if you find one of them compromised you should change both.

Foo! The docker build has broken. I'll attempt to fix up!

Sorry for this dumb question but if I have created a password myself but used the salt from rclone, I'm somewhat good?

hi,
the only way to know is to run the checker.

If the salt is a bad password then the security would rest on how good your password is. If it is a good one then you are effectively operating without salt which is OK if not recommended.

does the checker tool check both passwords and salts?

It does. However if you auto generated both password and salt then it will only detect the password as the random number generator will have moved on. You should change both if the password is a problem.