From https://rclone.org/crypt/, I see that:
This makes for deterministic encryption which is what we want - the same filename must encrypt to the same thing otherwise we can’t find it on the cloud storage system.
This means that
- filenames with the same name will encrypt the same
- filenames which start the same won’t have a common prefix
What I’m wondering is if, instead, we can generate a salt to encrypt the filename and store it in encrypted form along with the file (in the form `<filename>.salt.bin` for files and a `.salt.bin` file for directories). That way, we get stronger encryption of the file and folder names.
Of course, I presume this would lead to slower syncs if these files were only stored in the remote - I’m wondering if, as an option, we could store the salts in `~/.local/share/rclone/crypt/` or something so that we could read the salts without having to go to the remote.
There are probably a ton of other things to think through - this just came to my mind when I was reading through the `crypt` docs to get a better understanding of how it works.
To additionally speed it up, you could also store the original names in an encrypted `<filename>.name.bin` file (which stores the path however you deal with it in the `crypt` code), which means you can always recover the encrypted name given what you have on the remote and also (mostly) guarantees unique encrypted names even when the unencrypted name is something super common (say,