This is a staging forum for AgileBits, not an official support forum. Visit http://discussions.agilebits.com instead.

Knox and DropBox (Again!)

Tacitus99
edited July 2011 in Knox
I thought it worth starting a new topic on this since the problems I'm having with Knox and DropBox seem rather weird.



Start by creating a vault and save in ~/documents/knox Note that the password is not saved. Eject the open vault. Now if you open the vault a password is required as you would expect. Eject the vault and then create a symlink and place it in the DropBox folder.



Now do any changes to files in the vault, unmount the vault and allow DropBox to perform any syncs. Now try opening the vault on the same machine again - this time it opens without requiring the password. Quit knox, restart knox, and again the vault opens without needing a password.



It is as if the act of DropBox syncing strips the password, since I can create another vault in the same manner only this time without a symlink to DropBox and knox performs as I would expect with a password required every time.



I appreciate there are 'gotchas' when using knox with DB - in particular not having the same vault open in two places - but this behaviour is something I wouldn't expect.



Any ideas as to what's going on - I appreciate the problem may lie with the user <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/smile.gif' class='bbc_emoticon' alt=':)' /> OSX 10.5.8 PPC

Comments

  • khad
    khad Social Choreographer
    Dropbox + Symlinks + Knox vaults = Are you mad, man?! <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/laugh.gif' class='bbc_emoticon' alt=':lol:' />



    Seriously, though, that combination is a recipe for disaster, but the specific issue you mention is not one that should ever get cooked up. Encryption is supposed to mean something and not being prompted for your password sounds like a rather serious bug if this is the case. Are you certain that the [url="http://help.agilebits.com/Knox/password_stored_in_login_keychain.html"]password is not stored in the OS X keychain[/url]? That would be the likely and obvious reason for this behavior. (In fact, that is the [i]only[/i] reason you would ever not be prompted for a password of a vault.)



    Please let me know. Thanks!
  • Tacitus99
    edited July 2011
    [quote name='khad' timestamp='1309776784' post='31124']

    Dropbox + Symlinks + Knox vaults = Are you mad, man?! <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/laugh.gif' class='bbc_emoticon' alt=':lol:' />

    [/quote]

    Probably, but I'm not sure how you'd tell...... <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/smile.gif' class='bbc_emoticon' alt=':)' /> I only did this for testing and abandoned it after giving it more thought. My feeling initially was that it would be the home vault that would be open, not the one in my DropBox but later realised that using a symlink would kill that idea. So after my post I moved to trying the backup in my dropbox, which I think offers a more secure alternative. However....



    [quote name='khad' timestamp='1309776784' post='31124']

    Are you certain that the [url="http://help.agilebits.com/Knox/password_stored_in_login_keychain.html"]password is not stored in the OS X keychain[/url]? That would be the likely and obvious reason for this behavior. (In fact, that is the [i]only[/i] reason you would ever not be prompted for a password of a vault.)

    [/quote]

    I [u]was[/u] sure since I cannot remember ever using login_keychain to store a password for anything relating to Knox or any other security app, preferring instead to rely on 1-PW. However, on checking I see that a password is there. How or why I have no idea, which probably confirms your earlier suggestion <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/smile.gif' class='bbc_emoticon' alt=':)' />



    Deleted it and things are now as I would expect. However, having read the part of the manual that refers to DropBox+Knox+syncing, I've concluded that however good Knox is for the other things I use it for, this is one area where it's not for me, since the potential for user error is going to be too great.



    Now if you came up with another version that was idiot proof and played seamlessly with DropBox, I'd be there like a shot.



    Sorry for the false alarm.
  • khad
    khad Social Choreographer
    [quote]Sorry for the false alarm.[/quote]

    Phew! You had me worried there for a second (on a couple different levels). <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/skype_smile.png' class='bbc_emoticon' alt=':-)' />



    We've got some stuff in the works, but I can't announce anything just yet.



    Please stay tuned!
  • [quote name='khad' timestamp='1309784157' post='31140']

    We've got some stuff in the works, but I can't announce anything just yet.

    [/quote]

    In one of my more lucid moments, I thought that might be the case <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/smile.gif' class='bbc_emoticon' alt=':)' />



    [quote name='khad' timestamp='1309784157' post='31140']

    Please stay tuned!

    [/quote]

    Will do!
  • Just to clarify for anyone else that might be curious: Knox vault passwords that are stored in the Mac OS X Keychain (god help us) are stored under "<vault name>.sparsebundle" (or "<vault name>.sparseimage" for Tiger-compatible vaults). You can find these easily if you do a search in Keychain Access for your vault's name.



    But please...don't save your passwords for vaults containing your sensitive data.[img]http://forum.agile.ws/public/style_emoticons/default/huh.gif[/img]