Ultra secure cloud sync?


#1

Hi,

I have some sensible passwords including some I use at work. So it’s not good anyway to upload that data to the cloud. And this is not a decision I can make myself - is my user password + Codebook encryption + Cloud service security is strong enough so I can upload the password database so potentially any hacker in the world could try to break it.

That’s why I use local wi-fi sync between phone and laptops. But this is a pain in the ass in case of corporate wi-fi environment or laptop default firewall settings. I have to setup bluetooth hotspot on the phone, turn off firewall, sometimes enter IP address and etc.

Any cloud solution is much better way to setup p2p data transfer. So Cloud is not only a place to store information but a way to easily establish connection and pass information between two devices behind firewalls.

So my suggestion is to enable a way to sync via cloud without storing there a database that can be decrypted using my “user password”. There are several possible technics:

  1. Enable additional superpassword or key-file that must be preshared by some offline procedure between devices and then destroyed.
  2. Use Cloud Drive files not as a database storage but as an encrypted protocol media with recycling the data that were already consumed and synced.
  3. To establish two one-way private/public key pairs for a couple of devices to exchange information like on SSL
  4. Instead of using certificates there can be an interactive timed “pairing” procedure that involves some confirmation by a used logged with a password, probably involving some extra temporal PINs.

Please think about creating a convenient and secure solution for sync. Thank you!


#2

Hello @fedor57

I would like to apologize for the delay in our response. We understand some customers wish to avoid cloud services such as Dropbox and Google Drive, which is why we have continued to include desktop WiFi synchronization as an option with our desktop client. As you point out, cloud synchronization tends to be easier in certain environments.

We have some thoughts on a future synchronization service that we would like to include with Codebook that will aim to narrow the attack vectors associated to moving data across the wire all the while extending various other synchronization features we do not currently offer. Unfortunately we are not in a position to share publicly this design yet. We thank you for providing your feedback.