Jump to content

My1

Members
  • Content count

    63
  • Joined

  • Last visited

  • Days Won

    2

My1 last won the day on September 26 2016

My1 had the most liked content!

Community Reputation

8 Neutral

About My1

  • Rank
    Advanced Member
  1. Support for U2F

    the only sane way to to 2FA, if any, and that's only if that would work with crypto and smart cards. they can do fancy stuff like signing and therefore decryption might be possible.
  2. Support for U2F

    I messed up a bit, sorry, just woke up. I mean that as soon as someone has you password database most common 2FA isnt going to stop anyone. a keyfile in contrast only adds a superlong password and a dedicated keyfile, with randomized contents is something that for example a virus or stuff could easily snoop up. in combination with the fact that enpass would be installed a virus could snatch the key file and pw database and get out, and the password could be then bruteforced. other than a real second factor, the key file can be copied a thousand times over and no one would notice.
  3. Support for U2F

    well 2FA would work if the key file is ONLY in the cloud, as soon as someone got your keyfile through one way or another, the second factor wont matter anymore. meaning you would have to delete it after each sync. but yeah a key file is one approach but essentially just another tyype of super long password, essentually. if anything a smartcard would be the only option if that's even somehow possible to do
  4. Support for U2F

    2 Factor CAN NOT WORK properly in an OFFLINE password manager.
  5. Store Attachments in the Vault

    well some clouds do delta uploads, but the problem is that not all clouds support that, also for delta uploads you have to make the encryption in a way that delta works because depending on the encryption algorithm, the parts that come later may be heavily influenced by what came before so changing an early attachment would instantly change pretty much everything else making delta uploads impossible
  6. Store Attachments in the Vault

    wouldnt it make more sense to split the attachments into multiple files when they get larger like into blocks of 20MB or whatever. because with just one large file which has all the attachments, it MAY get "funny"
  7. Store Attachments in the Vault

    I would be VERY careful with passports and similar gov-issued documents, depending where you live, storing these can be illegal, especially in print-quality. and for other things like a credit card it might be that it's against the contract especially since the check number on the back is supposed to make sure that the card is "present" during the transaction. also you can get an application that's made for storing files, like veracrypt, steganos or similar solutions. Enpass is supposed to be a password manager and not a file safe.
  8. Store Attachments in the Vault

    well true, regarding the PS, well total, meaning that it's for all posts, and as far as I know IPBoard correctly this is a shared limit among all users, meang if I would attach 19MB now, you could just attach about half an MB. Forum aside, the intresting part is whether the 200kb limit is total or per file is something I dont know, but if it would be peer file you could archive the file into a split archive.
  9. Store Attachments in the Vault

    yes the limitation is artifical but reasonable, as of now, enpass stores the attachments in the same file as the password DB meaning that if you use sync, that the whole files with everything, has to be bounced around all the time as soon as anything changes. If/when they make it so the database and attachments can get split, this problem will solve itself.
  10. Support for U2F

    it can be quite a real life scenario, especially with the nano-sized yubikeys. also instead of making 2 different passwords and accept both, you could just set whatever you want as the static pass for the yubi and use that as decryption
  11. Security audit

    now we are talking epic stuff. thanks @Hemant Kumar
  12. Importing existing Firefox passwords

    I think it's rather about importing from ff directly rather than ff sync.
  13. Open multiple vaults

    android >=4.2 has multi user support iirc (unless the maker killed it, but it could be revived with mods)
  14. Enpass does not support the browser Cyberfox

    but why does the check fail if the browser is signed? clearly indicated by the error report.
×