disable creation of new encrypted accounts, fade out existing ones #2010

Closed
r10s opened this issue Dec 6, 2023 · 2 comments · Fixed by #2011

r10s (Member) commented Dec 6, 2023

"encrypted accounts" are flagged as being "experimental" and currently cause several issues:

  • 0xdead10cc crashes because of database cache files left open (unencrypted database cache files are recognised by iOS and are okay); this adds issues to notifications as we're called less often if we crash on background handlers that shall return fast

  • potential issues on locked devices as the key needed for decryption may not be available; this will add issues for notifications

  • slowness on opening accounts (might be on purpose for security, to avoid brute forcing); again, this is an issue for notifications as we cannot return fast from background handlers

of course, we could also try to fix the issues, however, these resources would be missed elsewhere. also, encrypted accounts add very limited security benefits on iOS, if at all. when they were added as an experiment, it was not clear they will cause lots of problems.

actionable items:

  • strike option to create encrypted accounts

  • the option to open existing encrypted accounts will stay for now

  • add a device message for existing encrypted accounts saying that this will cause issues and is no longer supported. say how to convert encrypted to unencrypted account (backup export -> import, doing this automatically is not needed for experimental features, the option was always a bit hidden, i do not expect that to have many users)

r10s changed the title from "disable creation of new encrypted accounts, consider fading out existing ones" to "disable creation of new encrypted accounts, fade out existing ones" on Dec 6, 2023

link2xt (Contributor) commented Dec 6, 2023

There is also an option to make SQLCipher databases recognizable as SQLite: https://www.zetetic.net/sqlcipher/sqlcipher-api/#cipher_plaintext_header_size
This option seems to have been added at Signal's request: sqlcipher/sqlcipher#255
Adding this mostly for reference as SQLCipher docs document that there is an exception for locked SQLite files on iOS.
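
As an added illustration of the point in the comment above (not part of the original thread or the project's code): a Python sketch that classifies a database file by its first 32 bytes, the way a tool that recognises SQLite files by their header would. The sample files are constructed; the random-byte content only stands in for SQLCipher output, and the 32-byte plaintext header length is an assumption.

```python
import os
import sqlite3
import struct
import tempfile

SQLITE_MAGIC = b"SQLite format 3\x00"  # first 16 bytes of every plain SQLite file


def classify_db_header(path):
    """Return "sqlite-header" if the first 32 bytes parse as a SQLite header, else "opaque"."""
    with open(path, "rb") as f:
        head = f.read(32)
    if len(head) < 32 or head[:16] != SQLITE_MAGIC:
        return "opaque"
    # Offsets 16..23 of the SQLite file format: page size (big-endian u16),
    # write/read format versions, reserved bytes per page, payload fractions.
    fields = struct.unpack(">HBBBBBB", head[16:24])
    page_size, wr, rd, _reserved, max_f, min_f, leaf_f = fields
    size_ok = page_size == 1 or (512 <= page_size <= 32768 and (page_size & (page_size - 1)) == 0)
    fields_ok = wr in (1, 2) and rd in (1, 2) and (max_f, min_f, leaf_f) == (64, 32, 32)
    return "sqlite-header" if size_ok and fields_ok else "opaque"


def build_samples(directory):
    """Create three constructed sample files and return their paths by name."""
    plain = os.path.join(directory, "plain.sqlite")
    con = sqlite3.connect(plain)
    con.execute("CREATE TABLE msgs (id INTEGER PRIMARY KEY, txt TEXT)")
    con.commit()
    con.close()
    with open(plain, "rb") as f:
        real = f.read()
    # Stand-in for a fully encrypted file: nothing recognisable at offset 0.
    opaque = os.path.join(directory, "opaque.db")
    with open(opaque, "wb") as f:
        f.write(os.urandom(len(real)))
    # Stand-in for a 32-byte plaintext header (assumed length): header readable, rest not.
    mixed = os.path.join(directory, "plaintext_header.db")
    with open(mixed, "wb") as f:
        f.write(real[:32] + os.urandom(len(real) - 32))
    return {"plain": plain, "opaque": opaque, "plaintext_header": mixed}


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        for name, path in build_samples(d).items():
            print(name, classify_db_header(path))
```
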

r10s (Member, Author) commented Dec 6, 2023

thanks for summing things up. however, let's reconsider supporting encrypted accounts on iOS once we have notifications ready, working pull and at best also push (which may still cause issues wrt locking and performance on opening) (only 1 of 3+ issues would be fixed by cipher_plaintext_header_size :)

in between, it is better to disable that and to let ppl move away from encrypted account, clearly saying, it is unsupported. i'd not put our few resources into tweaking encrypted accounts (also, it is questionable wrt added security at all)
