Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

公开内置密钥算法 #5012

Closed
Tracked by #5013
88250 opened this issue May 26, 2022 · 0 comments
Closed
Tracked by #5013

公开内置密钥算法 #5012

88250 opened this issue May 26, 2022 · 0 comments
Assignees
@88250
Labels
Document
Milestone
2.0.14

Comments

@88250
Copy link
Member

88250 commented May 26, 2022
edited

目前有两个信息是通过内置密钥加密并保存在 conf.json 中的:

  • 端到端加密密码 e2eePasswd
  • 用户信息 userData

一些考虑:

  • 本地包含了所有数据,数据泄露更可能直接发生在本地而不是云端,所以加密这两个信息实际上并没有起到实质性的保护作用
  • 未开源内核代码之前,通过反汇编也是可以得到内置密钥进而解密这两个字段的
  • 开源内核代码以后,内置密钥和相关算法也随之公开

综上,请留意本地环境的安全性,代码上不做调整,依然使用内置密钥加密解密。
@88250 88250 added this to the 2.0.14 milestone May 26, 2022
@88250 88250 self-assigned this May 26, 2022
@88250 88250 mentioned this issue May 26, 2022
Closed
4 tasks
@88250 88250 changed the title 移除内置密钥 端到端加密密码和用户信息明文存储 May 26, 2022
@88250 88250 changed the title 端到端加密密码和用户信息明文存储 端到端加密密码和用户信息本地存储公开 May 26, 2022
@88250 88250 changed the title 端到端加密密码和用户信息本地存储公开 内置密钥算法公开 May 26, 2022
@88250 88250 closed this as completed May 26, 2022
@88250 88250 changed the title 内置密钥算法公开 公开内置密钥算法 May 26, 2022
@88250 88250 mentioned this issue Jun 6, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@88250 88250

Labels
Document
Projects
None yet
Milestone
2.0.14
Development

No branches or pull requests
1 participant
@88250