github vrtmrz/obsidian-livesync 0.25.0-beta1

pre-release, one month ago

0.25.0-beta1

13th July, 2025

After reading Issue #668, I conducted another self-review of the E2EE-related code. In retrospect, it was clearly written by someone inexperienced, which is understandable, but it is still rather embarrassing. Three years is certainly enough time for growth.

I have now rewritten the E2EE code to be more robust and easier to understand. It is significantly more readable and should be easier to maintain in the future. The performance issue, previously considered a concern, has been addressed by introducing a master key and deriving keys using HKDF. This approach is both fast and robust, and it provides protection against rainbow table attacks. (In addition, this implementation has been made a dedicated package on the npm registry, and tested with 100% branch coverage.)

As a result, this is the first time in a while that forward compatibility has been broken. We have also taken the opportunity to change all metadata to use encryption rather than obfuscation. Furthermore, the Dynamic Iteration Count setting is now redundant and has been moved to the Patches pane in the settings. Thanks to Rabin-Karp, the eden setting is also no longer necessary and has been relocated accordingly. Therefore, v0.25.0 represents a legitimate and correct evolution.

As previously reported, beta releases are made when forward compatibility is broken. This version will be released in about a week if no issues arise. I am aware that there are other outstanding issues, but as this is a security matter, please let me prioritise this release. Thank you for your understanding and patience. I hope you enjoy the new version.

If you are able to use it with me ahead of time, please report anything you find. Please remember to back up your vault before updating to beta.

Fixed

  • The encryption algorithm now uses HKDF with a master key.
    • This is more robust and faster than the previous implementation.
    • It is now more secure against rainbow table attacks.
    • The previous implementation can still be used via Patches -> End-to-end encryption algorithm -> Force V1.
      • Note that V1: Legacy can decrypt V2, but produces V1 output.
  • Fetch everything from the remote now works correctly.
    • It no longer creates local database entries before synchronisation.
  • Extra log messages during QR code decoding have been removed.
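The master-key-plus-HKDF pattern named in the first item above, as an added Node.js sketch that is not obsidian-livesync's code: the slow passphrase stretch runs once, and each message gets its own key from a cheap HKDF call over a fresh random salt. The use of PBKDF2 for the passphrase step, the iteration count, AES-256-GCM, the salt and nonce sizes, the blob layout and all function names are assumptions made for illustration.

```javascript
// Added illustration; parameters and names are assumptions, not the plugin's.
const nodeCrypto = require("node:crypto");

const PBKDF2_ITERATIONS = 310000; // assumed cost for the one-off slow step
const HKDF_INFO = Buffer.from("example-message-key"); // assumed context label

// Slow step, run once per session: passphrase + stored salt -> master key.
function deriveMasterKey(passphrase, pbkdf2Salt) {
  return nodeCrypto.pbkdf2Sync(passphrase, pbkdf2Salt, PBKDF2_ITERATIONS, 32, "sha256");
}

// Fast step, run per message: master key + per-message salt -> AES-256 key.
function deriveMessageKey(masterKey, hkdfSalt) {
  return Buffer.from(nodeCrypto.hkdfSync("sha256", masterKey, hkdfSalt, HKDF_INFO, 32));
}

// Output layout (assumed): hkdfSalt(32) | iv(12) | tag(16) | ciphertext
function encrypt(masterKey, plaintext) {
  const hkdfSalt = nodeCrypto.randomBytes(32);
  const iv = nodeCrypto.randomBytes(12);
  const key = deriveMessageKey(masterKey, hkdfSalt);
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", key, iv);
  const body = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return Buffer.concat([hkdfSalt, iv, cipher.getAuthTag(), body]);
}

function decrypt(masterKey, blob) {
  const hkdfSalt = blob.subarray(0, 32);
  const iv = blob.subarray(32, 44);
  const tag = blob.subarray(44, 60);
  const key = deriveMessageKey(masterKey, hkdfSalt);
  const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", key, iv);
  decipher.setAuthTag(tag);
  // final() throws if the key is wrong or the blob was modified.
  return Buffer.concat([decipher.update(blob.subarray(60)), decipher.final()]).toString("utf8");
}
```

Because the per-message salt is random, encrypting the same plaintext twice yields unrelated ciphertexts, and only the single `deriveMasterKey` call pays the iteration cost.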

Changed

  • The following settings have been moved to the Patches pane:
    • Remote Database Tweak
      • Incubate Chunks in Document
      • Data Compression

Behavioural and API Changes

  • DirectFileManipulatorV2 now requires new settings (as you may already know, E2EEAlgorithm).
  • The database version has been increased to 12 from 10.
    • If an older version is detected, we will be notified and synchronisation will be paused until the update is acknowledged. (It has been a long time since this behaviour was last encountered; we always err on the side of caution, even if it is less convenient.)

Refactored

  • couchdb_utils.ts has been separated into several explicitly named files.
  • Some missing functions in bgWorker.mock.ts have been added.
