Security Concern: Mnemonic encryption key is always displayed on the desktop client, under Settings from task bar, after being enabled. This means anyone using your computer logged into your desktop client can recover your encryption key in seconds. I thought the mnemonic would never be displayed again after being enabled… as is done already for Bitcoin wallets and such.
When generating twelve words for encryption it is a good practice to allow people to re-generate the words before enabling (or even provide their own words in multiple languages and spellings).
Where is any documentation for e2e-encryption? I do not see anything in app-store. In github-homepage there is only documentation for API. In NC admin manual there is only something about server-side encryption. The same in NC user manual.
So where is any documentation for e2e-encryption deployment? I think if something is (sic.) “production ready”, then it should have at least some documentation…
Thanks for the link. I’ll report it as a bug. I saw someone else had reported a similar issue under Windows, however theirs was resolved by removing nextcloud.cfg. I’ve duplicated the problem under a fresh install of Linux. I’m surprised more people aren’t seeing this issue?
Turns out it is a packaging problem. Some dependencies are missing, and when added, the client works. This is likely to be fixed on Debian Testing within a week. For those who can’t wait:
Hi,
I tried “End to End encryption” app for 2 days w/ NC19.0.3 and 3.0.1/3.0.2 Desktop clients, but I had to uninstall the app because a delay appeared for every sync using either the official Desktop Client or other webdav clients (I use Joplin app).
This delay was variable, between 15 seconds and 2 minutes (showing “waiting” or “preparing sync”) so it could have been transparent, but it was at each sync, and for a very frequent webdav sync usage (when I sync Joplin on my Phone, and then on my computer, every hour for example), it was really annoying.
I will try one day to test thoroughly to see the logs, but I wanted to share this experience here if others had met this bug?
Well, it seems to be a bug, because it happens even when I sync via Webdav (using Joplin for instance) and when there is no encrypted folder to sync. (I would have understood if only the sync of encrypted folders would have taken longer).
Best to all,
Bruno
This is really great progress, especially with the end-to-end encryption and new shiny Desktop clients. Do we know if E2E-encryption can be used safely on iOS devices despite being labeled “experimental” in the app (could we kindly ask you about the app’s status @jospoortvliet or @ios? Thank you so very much!)?
English has more than 600,000 words, but let’s stick to the 2,000 most used words, that any English-speaker, even less educated, knows. It is still 2000^12 = 4,000,000,000,000,000,000,000,000,000,000,000,000,000 = 4.1 e39 possibilities
It’s about 12 times more secure than 16 randomly (truly randomly) chosen characters among the 255 ASCII character set (and quite easier to remember or type, or hide in a textbook etc.) 255^16 = 3.2 e38
It’s about 3 times more secure than 20 randomly chosen characters among the 90 characters that most people use (letters, digits and a few symbols on the keyboard). 90^20=1.2 e39