There should be a way to recover lost or forgotten passwords.
No no no, please no!
The next stage will be an additional file where the clear password is stored ;)
This file has to be synced via Dropbox as well... you don't know where you're going to forget it...
@Hanjo, you don't need to store the .encfs6.xml file in your Dropbox, just as long as any computer that you entrust to access your secure Dropbox files has possession of a copy of that .encfs6.xml file.
I don't have a copy of .encfs6.xml stored anywhere in my Dropbox.
I don't understand why people are saying no to this option.
It sounds simple. If you wish to have a recovery method, at the time of setup you specify to create a portable encryption key file that you store on a disc in a safe place. Only those who have done this will be able to use that very file to do recovery. A hacker wouldn't be able to generate the file without knowing your password, and likewise, you would only be able to generate the file at the time that you know your password.
What's the problem with that? It's not like the suggestion is "leave a gaping hole that provides a superpassword to unlock any data".
That would of course be a solution, but on the other hand it would mean that to decrypt the ciphertext you only need the file, not the password any more. If you have the password you still need the IV. OK, I have to admit that this is usually publicly available (in the Dropbox), but still there is no reason to make it easier for an attacker. If you look at encryption software from other vendors (e.g. the original encfs or TrueCrypt) there is no such thing as a password recovery function - for good reasons...
We're thinking about a feature to back up your encryption configuration (.encfs6.xml) file with the volume key stored in plaintext and not encrypted with a password. You could back up this plaintext configuration to a secure external storage (e.g. a CD which you store in a safe). If you forget your password you could use this backup file to decrypt the files without a password.
Any thoughts? This might be useful for some people. Sure, you could also just write down your password and put it in the safe...
This is a really bad idea in terms of encryption safety. There should be NO possibility to decrypt data without the correct password, and the best way to crack the encryption should be a brute-force attack. If there are better (faster) possibilities to decrypt the data, the cipher is broken. So I beg you not to implement a way to recover lost or forgotten passwords.
Nope! No recovering tool. Nada please!
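
The trade-off debated in this thread, as an added example (not written by any participant and not EncFS or vendor code): a random volume key wrapped under a password-derived key, next to the proposed plaintext backup. The wrap is a toy stand-in for a real key-wrap cipher, all function names are hypothetical, and it assumes a password change only re-wraps the same volume key.

```python
import hashlib, hmac, os

def _kek(password: str, salt: bytes) -> bytes:
    # Key-encryption key derived from the password (PBKDF2 as a stand-in KDF).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _pad_xor(kek: bytes, data: bytes) -> bytes:
    # Toy wrap: XOR the 32-byte key with an HMAC-derived pad. Each KEK is
    # used once (fresh salt per wrap). Not a real key-wrap algorithm.
    pad = hmac.new(kek, b"wrap", hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, pad))

def wrap(volume_key: bytes, password: str) -> dict:
    # Models the normal config file: volume key stored only in wrapped form.
    salt = os.urandom(16)
    kek = _kek(password, salt)
    return {"salt": salt, "wrapped": _pad_xor(kek, volume_key),
            "check": hmac.new(kek, volume_key, hashlib.sha256).digest()}

def unwrap(config: dict, password: str) -> bytes:
    kek = _kek(password, config["salt"])
    key = _pad_xor(kek, config["wrapped"])
    tag = hmac.new(kek, key, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, config["check"]):
        raise ValueError("wrong password")
    return key

def change_password(config: dict, old: str, new: str) -> dict:
    # Assumption: the volume key itself is kept, only its wrapping changes.
    return wrap(unwrap(config, old), new)

def plaintext_backup(config: dict, password: str) -> dict:
    # Models the proposed recovery file: the volume key with no password on it.
    return {"volume_key": unwrap(config, password)}

def demo() -> dict:
    volume_key = os.urandom(32)            # constructed sample key
    cfg = wrap(volume_key, "old passphrase")
    backup = plaintext_backup(cfg, "old passphrase")
    cfg = change_password(cfg, "old passphrase", "new passphrase")
    try:
        unwrap(cfg, "old passphrase")
        old_works = True
    except ValueError:
        old_works = False
    return {"new_password_works": unwrap(cfg, "new passphrase") == volume_key,
            "old_password_works": old_works,
            "backup_still_works": backup["volume_key"] == volume_key}
```

In this model the backup made before the password change still yields the volume key afterwards, so the file has to be protected like the data itself and a password change does not retire it.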