Closed dmoonfire closed 4 years ago
Are configuration files expected to be portable from machine to machine, user to user?
If not, perhaps the "password" value could instead be a string that acts as a serviceID, and the real password is stored in the OS-level keyring, using something like https://github.com/zalando/go-keyring.
The config file is currently portable indeed. Also seeing how Beehive is usually run on a server and not on the desktop, I'm not sure a key-ring that needs to be unlocked manually is the right approach. We'll think about this some more.
If you use the salt in the configuration, it would be portable since you would hopefully use the same algo (like AES) which is universal. The advantage is that you can't use a rainbow table easily to figure it out since you'd have to hash the entire keyspace to find it instead of using the pre-generated table.
If you allowed for a machine key or another approach, then it wouldn't be portable but it would be more secure since then you'd have to have the hardware to guess the password.
Would we be open to encrypting the entire configuration file like rclone does?
I've recently extracted the crypto from rclone for some other projects that I have: https://github.com/rubiojr/fcrypto
@rubiojr Yeah, I think that makes the most sense: "simply" encrypt the entire config file. Open for PRs, of course!
@muesli happy to take care of that. My plan was to do it after we merge the config package refactor in https://github.com/muesli/beehive/pull/251. Thoughts?
Implemented a quick proof of concept, would look something like https://gist.github.com/rubiojr/53c9de66138e8f1c29fd776ca0ddd2ff (on top of #251).
Should be portable across different platforms.
Even though it would only slow down some people a little while, I think it would be better to have some of the configuration values encrypted.
I'd probably just use AES encryption and store the password there, that way there is slightly more effort to decrypt it instead of scanning a filesystem.
You could use different methods for storing the salt (machine ID, cryptography API, etc). The main part is to make it slightly harder to get the passwords and secrets than just grabbing a file.