
"sync + backup?"

Opened this issue · 0 comments

great project!

What is your current horcrux version (output from horcrux version)?

last version

What problem are you are trying to solve?

I was talking to the keepass community and then I was advised by them to talk to the rclone community as keepass does not include a method or form of synchronization but rather third party plugins for this. Talking to the rclone community, I discovered that I have an interesting algorithm or complement to the horcrux.

For example, I split the keepass.db file into 3 files and then I added a folder to each one. After that, I used rclone to privately synchronize each file in each folder in a different cloud. After that, I thought if there was automation. As I couldn't find it, I based it on the existing project and just added little more than 10 or 20 lines for what I needed. I relied on the open project python-keepass, python-rclone and python-splitch for this.

This method of splitting a file relies on everything working (all cloud providers) to recover the data. If you don't have the same n horcruxes, you don't form the horcrux. The problem with this is exactly what makes it safe, private and anonymous: "split". "For example, what if each part of the file is in a different location?"

Suppose you split the file into horcrux. I leave the first part on Google Drive, the second on Dropbox, and the third on Media Fire. What happens here is that you depend on n vendors to retrieve the file and n vendors may not know which n vendors you shared part of the file with. And If you lose your password for one of the cloud providers, or if the cloud provider goes down, the file becomes unrecoverable. And without an internet connection and without each provider's password, the file is not read.

How do you think horcrux should be changed to solve that?

  1. Would it be interesting to have a way to backup the horcrux or some extension like a plugin for this.
  2. Would it be interesting in this case, a complementary algorithm for the horcrux. An algorithm that prevents recovery if you don't have all the horcruxes or a horcrux plugin for cloud sync.
  3. Would it be interesting to have a complementary algorithm to the horcrux that guarantees that a person has a comprehensive way of recovering the data with a specific synchronization.

How could this be done?

The rclone community gave me an interesting tip that I want to share here:

"You could use that in a simple script - horcrux split then rclone copy for each part to the remote backends. The recovery script would do the opposite, rclone copy to retreive the parts and then horcrux bind to join them back together."

"Ideally rclone would have a horcrux backend where you could say, split my data over these N providers in such a way that the data isn't recoverable unless you have M (<=N) parts. [...]"

Additional context

What I'm asking for here is not something difficult or impossible to do, I made the algorithm I describe myself and asked the community what they thought. From the feedback I received, I saw several use cases. In rclone, they are creating something called "erasure encoded backends which are a similar idea but not encrypted - so more like your current scheme but with redundancy." In this case, I hope this feature is implemented in rclone, as I wouldn't need to create something from scratch.

The "keepass is a horcrux", you have the local and full file, and so you share the local and full file, with multiple cloud providers. But the problem with this is that you are not sharing part of the file, but rather the entire file. In this case, I could create a keepass plugin with rclone and horcrux support.

My question is whether I could create a plugin for the horcrux or integrate my idea into the core of the project. If I create a plugin for horcrux, I can leave it in a branch of this repository, or even include the link to my project here. In the second case, we can use an rclone wrapper internally for data backup and synchronization. This prevents me from losing my data or even has a comprehensive way to recover my data. Or it could be an interesting tool to keep a copy of my password database on different cloud providers without needing keepass, just with rclone and horcrux.


That script is risky because if the file gets modified in the two separate places before or after syncing(suppose someone hacked your google drive and changed or removed a part of the file), one or two will be dropped. I was looking for a method using the merge feature of keepassxc, but i'm not sure it is possible to use it in a automated script as the decryption password may be needed. Also, you can't allow any one horcrux to be used to resurrect the original file (and why would you that would be useless) but you can allow two or more horcruxes. Or if you have all the horcruxes you can or should do that too.

If someone has physical access to the computer or there is a process running on your machine, or a hidden task being managed (or someone did some social engineering to convince you to provide the file passwords) perhaps there is access to parts of the file before or after the shipping, and that's bad. But I don't have any solution on this. And the more you split the keepass file, the more secure it is. However, it may become impossible to recover, maintain, manage or synchronize parts of this file.

Another problem I notice is that the horcrux algorithm does not require a password, in my algorithm the password is something necessary to validate each horcrux. And as you divide the file into horcruxes, you need several different passwords. Which can make the user experience bad and inconvenient.

And It can be difficult, laborious and complex to support and maintain the rclone in the horcrux. Does what I said make sense?

Use case?