Leaderboard

Thanks @Ivarson. You are 100% right here. @sxc4567PIN locking is a convenience feature and only restricts app access. It does not close the underlaying SQLCipher database handle and an unencrypted database page may still be there in process memory. However, there is an additional level of encryption for the stored passwords with a per item obfuscation key to prevent direct visibility in memory for this case. Though, an attacker with advanced skills can still find the obfuscation keys and decrypt it. Locking with master password is the safest option for Linux as it will close all underlying resources too. Cheers:)

Locking Enpass with a PIN active doesn't close the database AFAIK. If you lock it without a PIN being set, then it's closed properly. In Windows when Full-time TPM support is active, I believe the database is locked properly due to TPM handling the key rather than Enpass itself. I could be wrong though.

Manish, thx for that info. I'm aware that I can order items by dragging that menu icon. However, what if I had a number of items that I'd like to drag as one group? Eg have "Contact Details" before "Home Address"?

Hi @Vinod Kumar, Thank you very much for your reply. I have to say, this sounds really excellent! I read through the linked thread as well; do I understand correctly that, so long as Enpass is locked (for example at the PIN prompt), there is very little risk of data leakage through memory - aside perhaps from UI libraries that are extremely difficult to control anyway?