mirror of
https://github.com/rclone/rclone.git
synced 2025-01-11 08:49:37 +01:00
docs: unmystify how crypt stores encryption password in config
Without explaining exactly how this is generated, it can be confusing and worrying to not know how the password that encrypts your data is stored. This also brings peace of mind to the user that even though the same password is obscured differently each time, all the data to get back to the original password remains. Explaining how it works is much better than the reader of the documentation having to trust a blackboxy/magical mechanism.
This commit is contained in:
parent
304ee97944
commit
6765303de4
@ -101,10 +101,15 @@ y/e/d> y
|
|||||||
obscured so it isn't immediately obvious what it is. It is in no way
|
obscured so it isn't immediately obvious what it is. It is in no way
|
||||||
secure unless you use config file encryption.
|
secure unless you use config file encryption.
|
||||||
|
|
||||||
A long passphrase is recommended, or you can use a random one. Note
|
A long passphrase is recommended, or you can use a random one.
|
||||||
that if you reconfigure rclone with the same passwords/passphrases
|
|
||||||
elsewhere it will be compatible - all the secrets used are derived
|
The obscured password is created by using AES-CTR with a static key, with
|
||||||
from those two passwords/passphrases.
|
the salt stored verbatim at the beginning of the obscured password. This
|
||||||
|
static key is shared by between all versions of rclone.
|
||||||
|
|
||||||
|
If you reconfigure rclone with the same passwords/passphrases
|
||||||
|
elsewhere it will be compatible, but the obscured version will be different
|
||||||
|
due to the different salt.
|
||||||
|
|
||||||
Note that rclone does not encrypt
|
Note that rclone does not encrypt
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user