The original proof of concept uses the built-in password-based encryption provided by iTunes. An open question is whether this should be supported long-term. Some concerns:
- Relies on password strength. This could be an issue, especially if users choose to store their backup in the public IPFS network
- There are some manifest/metadata files that don't seem to be encrypted. How sensitive is this data?
Possible ideas:
- Custom encryption mechanism that requires a more strict key-management integration and encrypts manifests
- Use the built-in encryption, but enforce a password strength
- Leave it up to the user
The original proof of concept uses the built-in password-based encryption provided by iTunes. An open question is whether this should be supported long-term. Some concerns:
Possible ideas: