On Nextcloud Passwords security

Hi,

I guess this is a somewhat common question, as I’ve seen some already discussing this but not as broader as I would like.

My questions here are the following:

  • How is the client and server protected from read-in-memory exploits, on the Android App?
  • What kind of encryption/ciphers is used on the server? What is the master secret and is it possible to, with the master secret, decrypt the contents offline?
  • On the Android App what is the method for caching the credentials?
  • On the Android App, is certificate validation in place to prevent against a MitM attack?

Essentially, I would like to open a topic to discuss the security aspects of this solution. If someone would like to ask more questions on the security topic, please feel free to do so.

Hello,
By default, there is no encryption on server side. What master key are you talking about ?

I’ve defined it as encrypted on server side. The master secret is the secret all passwords are encrypted with. Otherwise they are just stored in plaintext

If secure access is of paramount importance, use two-factor authentication.
Not soft tokens TOTP/HOTP but WebAuthn hardware keys, e.g. FIDO2, Yubikeys…

The data on the server is not encrypted at rest by default. Normally it is only encrypted in transit (HTTPS). Nextcloud can encrypt user files at rest, but the purpose of this according to the documentation is to protect files stored externally (e.g. on Dropbox via Nextcloud). It does not protect your data from physical server theft or other compromise because the keys are already on the server so Nextcloud can work with the data, therefore someone with access to the server also has access to the keys.

Encryption keys are stored only on the Nextcloud server, eliminating exposure of your data to third-party storage providers. The encryption app does not protect your data if your Nextcloud server is compromised, and it does not prevent Nextcloud administrators from reading user’s files. This would require client-side encryption, which this app does not provide. If your Nextcloud server is not connected to any external storage services then it is better to use other encryption tools, such as file-level or whole-disk encryption.

If you want it encrypted at rest, the best thing to do is use dmcrypt on the server and encrypt the whole disk.

@bastien @anon71540698 @KarlF12 the question is posted in the passwords app category. Your answers are for Nextcloud in general.

@Alcap Encryption passwords app

may’be it is a good idea to remove some of the answers above. now it seems like that password are not encrypted by default on the server and that’s not true. And yes if you read it correctly the answers are about the files, but it’s easy to understand it wrong considering the original question is about the passwords app.

I was expecting much of what @KarlF12 replied, for the files in general, however, I would think that the app itself would have a higher security standard, so I don’t think it’s safe to assume that it is just another file in the server.

I should say that I have full disk encryption, however, I’m at risk of data breach if someone compromises the server, either physically or remotely. I’d like to know if it’s possible that, given the db file passwords uses, it will be possible to reconstruct the data offsite

PS: sorry for the late post, had meant to do it sooner. Will try to keep the thread as active as possible