3.0 KiB
3.0 KiB
Comparation Between Encryption Formats
Warning
ALWAYS BACKUP YOUR VAULT MANUALLY!!!
If you switch between RClone Crypt format and OpenSSL enc format, you have to delete the cloud vault files manually and fully, so that the plugin can re-sync (i.e. re-upload) the newly encrypted versions to the cloud.
The feature table
| RClone Crypt | OpenSSL enc | comments | |
|---|---|---|---|
| key generation | scrypt with fixed salt | PBKDF2 with dynamic salt | scrypt is better than PBKDF2 from the algorithm aspect. But RClone uses fixed salt by default. Also the parameters might affect the result. |
| content encryption | XSalsa20Poly1305 on chunks | AES-256-CBC | XSalsa20Poly1305 is way better than AES-256-CBC. And encryption by chunks should require less resources. |
| file name encryption | EME on each segment of the path | AES-256-CBC on the whole path | RClone has the benefit as well as pitfall that the path structure is preserved. Maybe it's more of a design decision difference? No comment on EME and AES-256-CBC. |
| viewing decrypted result | RClone has command that can mount the encrypted vault as if the encryption is transparent. | No convenient way except writing some scripts we are aware of. | RClone is way more convenient. |
Some notes
- Anyway, security is a hard problem. The author of Remotely Save doesn't have sufficient knowledge to "judge" which one is the better format. Use them at your own risk.
- Currently the RClone Crypt format is recommended by default in Remotely Save. Just because of the taste from the Remotely Save author, who likes RClone.
- Always use a long password.
- Both algorithms are selected deliberately to be compatible with some well-known third-party tools (instead of some home-made methods) and have many tests to ensure the correctness.