Crypt.Oh

It is more of a convienice request than anything. when i first fired it up i was a bit puzzled there was no credentials required, and nowhere in the webgui to set them. Either way if the password is compromised i don't see how making the password change only available by cli helps anything... if somone gains access to the gui, they have all the keys, can sync what they like, and potentially even overwrite the data on synced devices (yay for the .trash). If they change your gui pass, you can always reset it via the config file, but seriously, the damage will already be done. Personally... if i end up putting this into use, the webgui would be bound to 127.0.0.1, just don't sync anything too sensitive, and if there is some important stuff, put it in LUKS or TrueCrypt containers.

Hi, thanks for making public this very excellent idea! I am a linux user and have just taken it for a test drive. A few ideas i'd like to suggest. 1. A Client ID randomly generated by the client at time of installation, this is so that if a sync request comes in, we can choose to accept or decline the request to sync that device if desired. As this gains popularity I can certianly see people randomly generating keys, and seeing if they get to sync from anyone :-p. By default i've noticed all genrated keys are uppercase alphanum, it is a reasonable keyspace... approx 36^32 ... but I have a sneakiing suspicion one could be found. hopefully people will use strong custom keys. But the key could equaly well get passed to a 3rd party and i'd like to be able to have a list of ID's i'll allow to connect. 2. Username / Password settings within the webgui for logging into it... glad to see it exists as a config file option though. I haven't read the full thread here, my apologies if this has already been suggested Also I understand is it alpha, i really like what I see so far, keep up the good work!