Current encryption settings

[Argenthos]

First of all, i am no expert in encryption, but for what i can see other softwares with encryption capabilities offer a bit more settings that EPIM at present time.

From what i learned so far about encryption stuff, correct me if i am wrong, EPIM already has those capabilities, like hash, key size and iterations, it just doesn't have the option for the user to change this and these settings make a diference.

So it would be nice in the future if we could have the option to change those settings.

[TumbleDoor]

First of all, i am no expert in encryption, but for what i can see other softwares with encryption capabilities offer a bit more settings that EPIM at present time.

From what i learned so far about encryption stuff, correct me if i am wrong, EPIM already has those capabilities, like hash, key size and iterations, it just doesn't have the option for the user to change this and these settings make a diference.

So it would be nice in the future if we could have the option to change those settings.

EPIM is not made for encryption experts either, otherwise it would be open source.

For the vast majority of users it would be confusing and dangerous to offer extra encryption settings that modify how the encryption works.

As a general user program it is better that options are kept low.
[I invite you to open nearly any compression program like 7zip and check their encryption options as a good example.]

Power users looking for more should forgo built in encryption system and use something like VeraCrypt instead.

For better general use security what EPIM really needs is support for 2FA tokens. As having only the option for a static password is the biggest security risk as there are countless ways to capture a typed or pasted user password, but very few ways to capture a hardware token. [unless you count willy cartoon style schemes to steal them.]

[Argenthos]

The settings i talked about are simple. If left by default they provide the same protection by default and if changed offer a bit more of protection because of the added randomness, thats all.

I was thinking about something like this in the security options:


If it is like i think it is, that these settings already exist in EPIM, and just lack the option to change them in the UI, they are probably easier to implement than 2FA. While 2FA is indeed a big plus, i think its a lot harder to achieve this in the near future.

But like i said, im not sure if my thinking is correct, only the developers can tell if i guessed right or wrong.

[TumbleDoor]

The settings i talked about are simple. If left by default they provide the same protection by default and if changed offer a bit more of protection because of the added randomness, thats all.

I was thinking about something like this in the security options:


If it is like i think it is, that these settings already exist in EPIM, and just lack the option to change them in the UI, they are probably easier to implement than 2FA. While 2FA is indeed a big plus, i think its a lot harder to achieve this in the near future.

But like i said, im not sure if my thinking is correct, only the developers can tell if i guessed right or wrong.

You can already change "key size"

2020-11-26_121016.png (5.66 KiB) Viewed 891 times

Being reasonable there are only two options for hashing worth using SHA256 and SHA512, and it doesn't really matter which is used as they are both unbreakable, and when one breaks EPIM will need to be updated to automatically change to something else that doesn't even exist yet and therefore isn't an option at this time.

Unless the default Iterations is atrociously low there's no point in changing it. Though you might lower security by letting the user change it, as it would be easier for the attacker to find the iterations count. As with a hidden default depending on how crafty the devs are being could be quite hard to find, as it could be hidden about anywhere in the program code. Whereas if you make it user settable, then it will be something an attacker can trace and find fairly easily.