this post was submitted on 17 Oct 2023
1 points (100.0% liked)

Self-Hosted Main

504 readers
1 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

For Example

We welcome posts that include suggestions for good self-hosted alternatives to popular online services, how they are better, or how they give back control of your data. Also include hints and tips for less technical readers.

Useful Lists

founded 1 year ago
MODERATORS
 

Hiya People!

I have, for some time, had a specific problem in mind. I cannot, for the life of me, think of a better group to tell me my idea is crap.

In any case, I have a personal knowledge base I host facing the internet on a VPS. It is perfect for me, accessible, based on dokuwiki so its really easy to backup entire installation, the works. It is setup as a private wiki, so login is mandatory for viewing, editing, etc.

What I am looking for is mechanism for encrypting the data on the webserver when the user is not logged in. Under this scheme, the content of the server would be encrypted, only to be decrypted by the authorised password and encrypted again upon logout (or timeout).

Does this make sense? are there solutions like this out there?

I will attempt writing a plugin for dokuwiki, just wanted to make sure there is something out there that solves this problem in general.

Thank you!

you are viewing a single comment's thread
view the rest of the comments
[–] upofadown@alien.top 1 points 1 year ago (1 children)

If the attacker can attack your password hashes at full speed (they get access to the disk) then you would need a fairly hefty password or a random passphrase with a fair number of words in it. That fact can make the sort of protection you seem to be hoping for impractical in many cases.

[–] py2gb@alien.top 1 points 1 year ago (1 children)

Not sure I follow. What I am proposing is a way of encrypting the content of the website. Decrypted only while in use, this way, if someone gets access to the server (bug, leaked password, etc) the content is still encrypted.

[–] upofadown@alien.top 1 points 1 year ago

I am making a distinction between a rate limited login password (which would be secure with something like "Karma27!") and a password that protects encrypted disk data (which would need to be something like "Swipe Stapling Mortally Eloquence Obliged"). It sounds like you are planing to just use the login password for encrypted disk data encryption, which in general won't work as the sort of thing that people use in that case can be trivially cracked.

You can do some password stretching, but that only gets you a factor of thousands improvement.