SchizoDuckie / DuckieTV

A web application built with AngularJS to track your favorite tv-shows with semi-automagic torrent integration
http://schizoduckie.github.io/DuckieTV/

encrypt all passwords stored in usersettings #873

Open garfield69 opened 7 years ago

garfield69 commented 7 years ago

Encrypt the passwords for the torrent clients (and any other services) stored in the user settings so that the backup does not provide exposure.

SchizoDuckie commented 7 years ago

While I do agree this is needed, we thoroughly think this through.

garfield69 commented 7 years ago

Agreed. I raised this in particular with the view to reducing exposure to users that upload a copy of the backup to the cloud for us to use when working on ticket problems.

SchizoDuckie commented 7 years ago

I would advise them to upload to a GitHub issue and remove it upon download instead of 'the cloud'. This way we have control as soon as we see it.

garfield69 commented 7 years ago

My preliminary basic research and thoughts on the encryption topic.

Firstly, the Chrome JavaScript Stable API list https://developer.chrome.com/extensions/api_index does not yet contain any encryption services that I could find.
But I was thinking we could use CryptoJS https://code.google.com/archive/p/crypto-js/ , which I have used before when providing the ExtraTorrent search engine decryption.

Secondly, I am not in favour of encrypting the whole of the backup file, that is just too much hassle and I don't think is really necessary.
But I am in favour of just encrypting the torrent client passwords, and any other passwords we are saving in userPreferences.

To maintain backward compatibility, I thought to keep the current userPreference <client>.password keys, and create an additional key, for instance <client>.encrypted.

Whenever we want to use the passwords, we first check if <client>.encrypted is loaded, and decrypt and use that.
If <client>.encrypted is not loaded, we fall back to <client>.password, which if loaded, we encrypt and save to <client>.encrypted and then we set <client>.password to null.

This should allow us to import old backups.

I thought to just use one of the simpler encryption schemes, such as AES-256, with a hardcoded passphrase.
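
The lookup and migration order described in the last comment, as an added example that is not part of the thread or of DuckieTV's code. It assumes Node's built-in crypto module (AES-256-GCM with a scrypt-derived key) in place of CryptoJS, a hypothetical client name `exampleclient`, and a passphrase passed in as a parameter.

```javascript
// Added example: Node's built-in crypto stands in for CryptoJS so it runs offline.
const nodeCrypto = require('crypto');

// Derive a 256-bit key; the random salt is stored next to the ciphertext.
function deriveKey(passphrase, salt) {
  return nodeCrypto.scryptSync(passphrase, salt, 32);
}

// AES-256-GCM; the stored value is base64(salt | iv | tag | ciphertext).
function encryptPassword(plain, passphrase) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(passphrase, salt), iv);
  const body = Buffer.concat([cipher.update(plain, 'utf8'), cipher.final()]);
  return Buffer.concat([salt, iv, cipher.getAuthTag(), body]).toString('base64');
}

function decryptPassword(blob, passphrase) {
  const raw = Buffer.from(blob, 'base64');
  const salt = raw.subarray(0, 16), iv = raw.subarray(16, 28), tag = raw.subarray(28, 44);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', deriveKey(passphrase, salt), iv);
  decipher.setAuthTag(tag); // final() throws on a wrong passphrase or a tampered blob
  return Buffer.concat([decipher.update(raw.subarray(44)), decipher.final()]).toString('utf8');
}

// Prefer <client>.encrypted; otherwise migrate a legacy <client>.password
// into <client>.encrypted and set the plaintext key to null.
function getClientPassword(prefs, client, passphrase) {
  const encKey = client + '.encrypted', plainKey = client + '.password';
  if (prefs[encKey]) return decryptPassword(prefs[encKey], passphrase);
  if (prefs[plainKey] == null) return null; // nothing stored for this client
  const plain = prefs[plainKey];
  prefs[encKey] = encryptPassword(plain, passphrase);
  prefs[plainKey] = null; // a backup taken from now on carries no plaintext
  return plain;
}

// Constructed sample: an old-format backup holding a plaintext password.
function demo() {
  const prefs = { 'exampleclient.password': 's3cret-constructed' };
  const first = getClientPassword(prefs, 'exampleclient', 'demo-passphrase');
  const second = getClientPassword(prefs, 'exampleclient', 'demo-passphrase');
  return { first, second, backup: JSON.stringify(prefs) };
}
```

The protection a backup gets depends on where the passphrase comes from: one embedded in published source code can be read by anyone who also holds the backup, so it obscures the stored value rather than protecting it.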