
Client side encryption


“Stored privately and encrypted at rest.”

This lets me conclude: encrypted => bashhub down

I have to assume, you want to make bashhub a reliable service, so it has to be always up.

This lets me also conclude: bashhub up is a tautology => bashhub down won’t ever be fulfilled. So encrypted cannot ever be fulfilled, because encrypted => bashhub down has to be valid.

This is simple logic: The data won’t ever be in an encrypted state.

For a real formal approach: sorry, I’m too lazy to spend effort on this.

Issue Analytics

  • State: open
  • Created 8 years ago
  • Reactions: 3
  • Comments: 9 (2 by maintainers)

Top GitHub Comments

2 reactions
bebehei commented, Sep 25, 2016

Taken from the FAQ:

Where are my commands going? They’re stored in Bashhub’s database. All commands are private. Bashhub’s command database is encrypted at rest using storage level encryption. Commands are encrypted in transit using HTTPS. For more details check out the basic security and privacy practices.

That says:

  1. In general you have to trust @rcaloras for hosting the service. He can read every command you’ve typed and synced via bashhub. That’s your decision, but I don’t doubt his service.
  2. Any person who has got enough access to the server running it live has got full access to all commands. This includes possible hackers. The service claims to be private, but - like in every software - there may be flaws in the auth system giving hackers enough access to the application reading out the storage.
    • General flaws, like that the server software is not released open source
  3. Anyone who gets knowledge of the storage password has got access to all commands.

But that’s not the reason why I opened the issue. It’s about the logic of whether you can actually say that your commands are encrypted.

Bashhub is an online service. You want to have it up, with the highest uptime possible. So, if your storage is encrypted at rest, you have to shut down bashhub to have it actually encrypted. There is no other way, but only then it would be fine.

But as the server admin, it’s in your interest to have the system up as long as possible. And as the storage is only encrypted when bashhub is down, your interest that the commands are actually encrypted is close to zero.

The best option would be of course: Encrypt the saved commands on the client and store only the encrypted data on the server.

1 reaction
evanstucker-hates-2fa commented, May 9, 2017

I’d like to second this issue. This service looks almost exactly like what I’ve been looking for - the feature set is great! - except I need to have it stored in my cloud, not your cloud. If I’m using this for work and I accidentally put a password on the command line, I can’t have that going to a third-party. If I were able to host a bashhub server at work and the password never made it off-premises, I could use this product.

Can you open source the server side and allow client configuration to point to a private server?
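
The client-side encryption option raised in the comments above, as an added example that is not part of the original thread and not Bashhub code: each command is sealed with a key derived on the client, so the server stores only ciphertext. The record layout, the `cmd-0001` id, the passphrase and the sample command are constructed for illustration.

```javascript
const crypto = require('node:crypto');

// Derive a 256-bit key from a passphrase that never leaves the client.
function deriveKey(passphrase, salt) {
  return crypto.scryptSync(passphrase, salt, 32);
}

// Encrypt one command with AES-256-GCM. The record id is bound in as
// associated data so ciphertexts cannot be moved between records unnoticed.
function sealCommand(key, recordId, command) {
  const nonce = crypto.randomBytes(12); // fresh per record, never reused with a key
  const cipher = crypto.createCipheriv('aes-256-gcm', key, nonce);
  cipher.setAAD(Buffer.from(recordId, 'utf8'));
  const ct = Buffer.concat([cipher.update(command, 'utf8'), cipher.final()]);
  return {
    id: recordId,
    nonce: nonce.toString('base64'),
    ct: ct.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
  };
}

// Decrypt on the client; throws if the key is wrong or the record was altered.
function openCommand(key, record) {
  const decipher = crypto.createDecipheriv(
    'aes-256-gcm', key, Buffer.from(record.nonce, 'base64'));
  decipher.setAAD(Buffer.from(record.id, 'utf8'));
  decipher.setAuthTag(Buffer.from(record.tag, 'base64'));
  return Buffer.concat([
    decipher.update(Buffer.from(record.ct, 'base64')),
    decipher.final(),
  ]).toString('utf8');
}

// True if this key can decrypt and authenticate the record, false otherwise.
function canRead(key, record) {
  try { openCommand(key, record); return true; } catch { return false; }
}

// Constructed sample: a command with a secret typed on the command line.
const salt = crypto.randomBytes(16); // kept on the client next to its config
const clientKey = deriveKey('correct horse battery staple', salt);
const uploaded = sealCommand(clientKey, 'cmd-0001', 'mysql -u root -pS3cret! prod');
console.log(JSON.stringify(uploaded)); // everything the server would hold
console.log(openCommand(clientKey, uploaded));
```

With this model the server can no longer search command text, and losing the passphrase or salt means losing the history.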
