I like the ability to sync a backup to Dropbox, but if I lose my phone I want to be able to decrypt and read my backup without Pocket, since there is no telling when I'll be able to get another instance running with the backup imported. I've done a little poking around, but I had some questions related to being able to decrypt the database *without* having Pocket do it for me.
1a. How do "hash.txt" and "wallet.db" relate to each other?
1b. What is stored in "hash.txt"?
2a. It appears that "wallet.db" stores the metadata of what groups and fields we have, at least. Does it also store the entries and information inside each field?
2b. Is all of the user-editable information (group names, field names, etc.) encrypted?
2c. At what point is the encryption done? Do you simply encrypt the data being stored in a row, or is there a "blob" you pull from a bare-bones database which decrypts into more formatted text?
3. What is the encryption algorithm and parameters used on the backup?
Yeah, the end result is to be able to decrypt and read the automatically synced file, so I don't have to manually export and encrypt my own backups. That way, if I lose my phone, I still have all the data until I get a new phone and install Pocket again.
Re: Encryption method and reading the Dropbox backup
Nice implementation of the encryption.
But you should probably replace the sha(password+salt) for the master key with a BCrypt hash, since the simple SHA hash is easy enough to brute force today (even with no rainbow tables).