I just learned that kopia (A cross-platform backup-tool with encryption, deduplication, compression and cloud support.) stores the repository password with only base64 obfuscation in ~/.config/kopia/repository.config.kopia-password
This reminded me of the discussion around the signal messenger basically doing the same:
There is an issue open for kopia regarding this topic:
The devs are basically saying that “The user’s home directory (whether encrypted or not) is usually considered secure (it typically already contains lots of other sensitive data, such as browser cookies, various authentication tokens, .boto, .netrc, etc.) so hiding the password from the user seems counter-productive.”
The best solution seems to be to use --no-persist-credentials when connecting to a repo and consequently set env variable KOPIA_PASSWORD before each kopia command. This will not create ~/.config/kopia/repository.config.kopia-password
This is how I am doing it now:
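function kopiapw() {
    # Supply the password via the environment for this one invocation only.
    # "command" skips the alias below; "$@" preserves arguments containing spaces.
    KOPIA_PASSWORD=$(cat /path/to/kopia/passwordfile) command kopia "$@"
}
function kopia_connect() {
    # --no-persist-credentials keeps kopia from writing the .kopia-password file.
    kopiapw repository connect filesystem --no-persist-credentials --path=/path/to/repo
}
alias kopia=kopiapw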
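An audit check for the situation described in the post above, as an added example that is not part of the original post or of kopia itself: it reports whether a `*.kopia-password` file is present in the config directory, whether it decodes as plain base64, and whether it (or the wrapper's own password file) is readable by anyone but the owner. The function names and the finding labels are assumptions made for this sketch.

```bash
# Added example. The *.kopia-password path comes from the post; function
# names and finding labels (PERSISTED, REVERSIBLE, LOOSE_MODE) are made up.
# Usage: kopia_pw_audit [CONFIG_DIR [PASSWORD_FILE]]

# Octal permission bits of a file (GNU stat first, BSD/macOS stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Prints one finding per line. Returns 1 if any finding was printed, else 0.
kopia_pw_audit() {
    local dir="${1:-$HOME/.config/kopia}" pwfile="${2:-}" f mode rc=0
    for f in "$dir"/*.kopia-password; do
        [ -s "$f" ] || continue        # unmatched glob or empty file
        rc=1
        echo "PERSISTED $f"
        # base64 is an encoding, not encryption: it decodes without any key.
        # The decoded bytes are discarded, never printed.
        if base64 -d < "$f" > /dev/null 2>&1; then
            echo "REVERSIBLE $f"
        fi
        mode=$(file_mode "$f")
        case $mode in
            600|400) ;;
            *) echo "LOOSE_MODE $mode $f" ;;
        esac
    done
    # The wrapper from the post reads a plaintext password file; it needs
    # the same owner-only permissions as the file it replaces.
    if [ -n "$pwfile" ] && [ -e "$pwfile" ]; then
        mode=$(file_mode "$pwfile")
        case $mode in
            600|400) ;;
            *) rc=1; echo "LOOSE_MODE $mode $pwfile" ;;
        esac
    fi
    return "$rc"
}
```

After switching to `--no-persist-credentials`, a clean run prints nothing and returns 0, which makes the function usable as a check in a login script or cron job.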
I’d be interested to hear some thoughts on how this might be fully exploited (general scenarios), so that we can fairly assess and discuss the risk it might present.
Hmm. Kinda not bothered by such things, while also being shocked to learn about them.
Reason being: Like they said, browser configs are in your home directory too. For attackers, I’d imagine this is one of the main things they’d go after because copying your configs to another device, then accessing them with the same browser brand would raise no alarms from most apps and services.
We should probably be asking browser devs to do something about that, but what could actually be done realistically or even technically? Like, based on browser technology, is it possible to actually do something about it?
I think even if there’s a solution, it is probably a bit too cumbersome and annoying to deal with. I believe that in cases where security isn’t the most important feature of the application, such things are okay. They aren’t ideal, but then nothing is perfect. The individuals that want to protect themselves against that have options for browsers, i.e., not storing cookies of any kind and logging in every time you want to use a service. For the rest of us, applying some common rules of Internet use, which mostly boils down to distrust by default, one would be okay for the most part.
Agreed. Like, even with the Signal thing, they could probably set a bash script to decrypt and encrypt that file/folder using a keyboard shortcut or listener.