S4ntiagoP
commented
1 year ago tbh this is a no for me, this doesn't actually protect the TS from an eventual compromise, it just adds extra steps for the attacker (obtain the password by bruteforcing or just backdooring the server and waiting). It adds extra complexity in exchange of no real benefit. I get that making this must have been hard and you surely dedicated many hours to make it work, but that's my opinion. There is just no recovery from server compromise, it's game over.
Added profile encryption/decryption. If implemented will also add data dir enc/dec