Home of Retrospect
Many Kodi add-ons store user names and passwords in their add-on settings. However, almost nobody seems to care about the fact that these are stored in plain text in the settings.xml in the user_data folder. Many users do not secure their Kodi boxes as well as their own PCs or laptops, hence there is a higher risk of somebody obtaining that specific information.
With Retrospect 4.1.2 a new feature called the Vault was added. This feature enables storing sensitive data in a more secure way. How does this work:
Now I am not claiming that this is perfect, but it is a lot safer than just storing it in plain text in the settings.xml.
Before a Vault can be used, the user is asked to set a PIN and confirm that PIN. A PIN can be numerical, but can also include alpha characters. With that PIN, a new PINWord is generated and that is used to encrypt a newly generated Vault Key.
In order to access (either store or retrieve) data from the Vault, the user is prompted for his/her PIN. Retrospect uses that PIN and the Scrypt algorithm to generate the PINWord and decrypt the Vault Key. That Vault Key is then used to either encrypt or decrypt the data using AES.
If a user forgets the PIN, there is no way of recovering the data. The only solution is to reset the Vault, pick a new PIN and generate a new Vault Key.
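The set-up, access and reset steps described above can be sketched as follows. This is an added example, not Retrospect's own code. The article names only Scrypt and AES, so the scrypt cost parameters, the per-vault salt, the AES-GCM mode, the vault layout and all function names are assumptions, as is the use of the third-party `cryptography` package.

```python
import hashlib
import os
from typing import Optional

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# Assumed parameters: the article names Scrypt and AES but not cost, sizes or mode.
SCRYPT_PARAMS = dict(n=2**14, r=8, p=1, dklen=32)

def pinword(pin: str, salt: bytes) -> bytes:
    """PIN -> PINWord: a 256-bit key derived with scrypt and a per-vault salt."""
    return hashlib.scrypt(pin.encode("utf-8"), salt=salt, **SCRYPT_PARAMS)

def seal(key: bytes, plaintext: bytes, label: bytes) -> bytes:
    """AES-256-GCM encrypt; the random nonce is prepended to the ciphertext."""
    nonce = os.urandom(12)
    return nonce + AESGCM(key).encrypt(nonce, plaintext, label)

def unseal(key: bytes, blob: bytes, label: bytes) -> Optional[bytes]:
    """Decrypt, or return None when the key is wrong or the blob was modified."""
    try:
        return AESGCM(key).decrypt(blob[:12], blob[12:], label)
    except InvalidTag:
        return None

def create_vault(pin: str) -> dict:
    """Set-up or reset: new salt, new random Vault Key, stored only wrapped."""
    salt = os.urandom(16)
    vault_key = AESGCM.generate_key(bit_length=256)
    return {"salt": salt, "wrapped_key": seal(pinword(pin, salt), vault_key, b"vault-key")}

def unlock(vault: dict, pin: str) -> Optional[bytes]:
    """Return the Vault Key, or None for a wrong PIN."""
    return unseal(pinword(pin, vault["salt"]), vault["wrapped_key"], b"vault-key")

def store(vault_key: bytes, setting: str, value: str) -> bytes:
    """Encrypt one setting value; the setting name is bound as associated data."""
    return seal(vault_key, value.encode("utf-8"), setting.encode("utf-8"))

def retrieve(vault_key: bytes, setting: str, blob: bytes) -> Optional[str]:
    """Decrypt one setting value; None if the key or the setting name is wrong."""
    plain = unseal(vault_key, blob, setting.encode("utf-8"))
    return None if plain is None else plain.decode("utf-8")
```

Only the salt, the wrapped Vault Key and the encrypted values are ever written to disk. Calling `create_vault` again models a reset: it produces a fresh Vault Key, so values sealed under the old one stay unreadable.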