Bubka / 2FAuth

A Web app to manage your Two-Factor Authentication (2FA) accounts and generate their security codes
https://docs.2fauth.app/
GNU Affero General Public License v3.0

Encrypt Service Name !!! #365

Open 5andr0 opened 2 months ago

5andr0 commented 2 months ago

Why was service name not considered sensitive when you added encryption? I'm not allowed to leak any of my sensitive 2FA services, so I had to double-check the code to see if my data is really 100% encrypted, but service name was NOT ENCRYPTED! It would be nice if I didn't have to add extra encryption to the database file manually before syncing it to the backup cloud.

I will leave a donation when this gets implemented!

Bubka commented 2 months ago

The decision was made to allow server-side filtering/searching on services. I understand it can be considered as sensitive as the secret or the email data though.

The unexpected part is that finally no server side filtering is implemented 😅.

I don't want to restrict the API capabilities completely, so I suggest handling it via an admin option. Something like a yes/no checkbox called "Encrypt service names" and a legend explaining why and how it affects the behavior of the API. It could be set to On by default.

5andr0 commented 2 months ago

I feel you man, it's hard to maintain an open source project for free. There are so many nice ideas, but not enough time 😅 I'll support you a bit with a donation, since this is the only option for a self-hosted TOTP service with a nice UI. So thanks for making it public!

Just query all the user's entries and decrypt them on the fly for filtering in PHP. There shouldn't be much of a performance impact compared to SQL query filtering. Might be even faster if you cache the decrypted data.
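One way to implement the decrypt-then-filter approach suggested above, together with the admin toggle Bubka describes, written here as an added example rather than code from 2FAuth. It assumes a Laravel application (2FAuth is built on Laravel); the `TwoFAccount` model name, the `service` column and the `2fauth.encrypt_service_names` config key are hypothetical placeholders.

```php
<?php
// Added example, not 2FAuth's own code. Assumes a Laravel app; the model,
// column and config key names below are hypothetical placeholders.

use Illuminate\Database\Eloquent\Collection;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Support\Str;

class TwoFAccount extends Model
{
    // Laravel's 'encrypted' cast encrypts on save and decrypts on read
    // using APP_KEY, so the database only ever holds ciphertext.
    protected $casts = [
        'secret' => 'encrypted',
    ];

    public function __construct(array $attributes = [])
    {
        parent::__construct($attributes);

        // Hypothetical admin option "Encrypt service names" (default On).
        // Caveat: flipping this on an existing install requires a one-off
        // migration of the 'service' column; reading plaintext rows through
        // the 'encrypted' cast would otherwise throw a DecryptException.
        if (config('2fauth.encrypt_service_names', true)) {
            $this->mergeCasts(['service' => 'encrypted']);
        }
    }
}

/**
 * Search one user's accounts by service name.
 *
 * Once 'service' is encrypted, `WHERE service LIKE ?` cannot match: the
 * same plaintext yields a different ciphertext in every row. So load the
 * user's rows (scoped by user_id, never the whole table) and filter after
 * decryption in PHP, as suggested in the thread.
 */
function searchByService(int $userId, string $term): Collection
{
    $needle = Str::lower($term);

    return TwoFAccount::where('user_id', $userId)
        ->get()                                   // decrypts via the cast
        ->filter(fn (TwoFAccount $a) => Str::contains(Str::lower($a->service), $needle))
        ->values();
}
```

Because the filter runs on decrypted values in memory, the server-side API behaviour stays the same for callers while the service name is never searchable, or readable, in the stored database file.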

Bubka commented 2 months ago

Many thanks for your feedback and your sponsorship. I hope to have some time in August to work on this; it will be at the top of the list.