Koofr (Cloud Storage)

Koofr Vault E2EE is secure.

1. There is no need to ever import anything from Rclone to Koofr Vault to make a Safe box. The only thing a new Safe box requires is the folder you want to have it in, and the Password (which is called Safe key).

This Safe key is used, to encrypt all data, including the filenames and any metadata. Safe key is never transmitted to Koofr servers , and without it all contents is unusable. There is no second decryption option, no other way to access these files but with this Safe key that only the user knows.

1. Advanced settings, which enable one to export or import part of existing Rclone config, are there for convenience. Koofr made a simple graphical interface which runs completely inside your browser (not on Koofr servers, this part is rendered by your device), and displays the settings in a way that you can simply copy to and from rclone. You can achieve the same by typing out everything manually. It is more convenient by providing a tool that lives inside your browser. This was made for the less technical users.

2. Salt is for some reason called password2 in rclone config. Salt is a random string of characters, that makes bruteforcing difficult. Even if 100 people would use the same “password” as their Safe key, the hashed values of their files, would be different, since the salt part is different for everyone.

You can’t decrypt your files or access your Vault with the salt. But it does add additional protection from an attacker that would try to reverse the hash values with a rainbow table. Salt makes your password better, but your password (Safe key) is what actually matters, and this is NEVER transferred to Koofr.

And that is why Koofr Vault is truly E2EE.