I have a problem when accidentally omitting the encryption password when sharing to an untrusted device. This is a continuation of my reply here:
Original text:
I was testing the untrusted devices feature on a new folder I shared with 3 devices:
AB-
U(untrusted)
I set up the sharing as follows:
- Shared the folder from
AtoB. - Shared the folder from
AtoU.
So far so good.
Now I was trying to set up the sharing of the folder between B and U, but as I didn’t enter the password on B so the data was shared normally with U and U ended up with both encrypted and unencrypted folders (no files seem to have been transferred? More on that later).
sacnoth@untrusted-device:~/cloud/MobileCloud$ ls
0.syncthing-enc 4.syncthing-enc 8.syncthing-enc C.syncthing-enc G.syncthing-enc K.syncthing-enc O.syncthing-enc S.syncthing-enc
1.syncthing-enc 5.syncthing-enc Arbeit D.syncthing-enc H.syncthing-enc L.syncthing-enc P.syncthing-enc T.syncthing-enc
2.syncthing-enc 6.syncthing-enc A.syncthing-enc E.syncthing-enc I.syncthing-enc M.syncthing-enc Q.syncthing-enc V.syncthing-enc
3.syncthing-enc 7.syncthing-enc B.syncthing-enc F.syncthing-enc J.syncthing-enc N.syncthing-enc R.syncthing-enc
Arbeit was the folder I shared.
Now B, the Android Syncthing app, kept repeatedly crashing. This could have prevented any actual files from coming through. But the original folder structure was created on the untrusted device.
And U, Syncthing for desktops, reported this in the WebUI:
Failure checking encryption consistency with device <B,phone> for folder “MobileCloud” (folder-id-123): folder is configured to be encrypted but not announced thus
The message is cut off after ‘thus’ and the folder is marked ‘Out of Sync’.
It’s hard for me to see the encrypted folder / untrusted devices feature as a replacement for some other form of encrypting the folder contents when a misconfiguration (not entering the encryption password) on one device can easily bring a folder into this state.
6 posts - 2 participants