Leaderboard

I understand that you do not wish to open-source your product, but I am reluctant to use it because of the fact it is closed-source, the company is based in India (yes, this matters) and there is no information about the development team. Have you considered having an independent 3rd-party audit your source-code on a regular basis as a way to gain credibility without open-sourcing your product? Thanks, Gili

Hello, is it possible to autofill applications like Steam, vSphere Client, Origin, Putty, Microsoft Remote Desktop ... with Enpass? Best Regards

Hi Enpass Team, as you claim everywhere that Enpass is based on SQLCipher, an opensource technology, I decided to look by myself (not that I don't trust you, but i'm curious ;)). So, I installed sqlcipher and opened the database. It was easy to find the right parameters to decrypt the DB: PRAGMA cipher_default_kdf_iter = 24000; PRAGMA kdf_iter = 24000; PRAGMA key = '<PASSPHRASE>'; But now, I can't find where are the passwords. I would have thought they would be in the Cards table in the Data field, but it's obviously not, as (almost) all my Data fields have the same value. The passwords does not seem to be in the other tables. So, where are they? I surely missed something. Could you enlighten me? Thx!

I would like to increase the number of PBKDF2 iterations used.

I would like to have more influence in the security as well and configure iterations. Another up-vote from me. Additionally I would love to have the option to define the encryption bit size as well. While it's currently 256 bit AES, I always like to go the extra mile and increase the standard value - probably 512 here. And yes, I definitely don't mind to trade-off performance. Especially because my PCs (the only devices I use Enpass on) are very powerful. Please give us more options to increase the security by our own. I like the idea to have an "Expert Settings" tab. Best regards, Kristian

I totally agree! That would boost up your reputation!

Hi Romain, I found a python script on github that lists all your items from Enpass. https://github.com/steffen9000/enpass-decryptor/blob/master/Enpassant.py Clearly, Enpass is doing additional encryption of data column for unknown reasons.

That sounds like you're sacrificing security for the sake of performance. And you're absolutely right, it really is a trade-off between security and performance. That's why I'd suggest to make it configurable. With KeePass I had set this to 200M iterations and it only took a second to open/save the database on my Desktop. If you fear complicating the user settings dialog, you could add an "expert settings" tab.

Hi @iSCSI, Enpass currently supports autofilling in browsers only using the browser extensions. However we have plans for autofilling in other apps (out of browser), but defiantly it will take take time.