My1

Members
  • Content count

    73
  • Days Won

    2

My1 last won the day on September 26 2016

My1 had the most liked content!

Community Reputation

8 Neutral

About My1

  • Rank
    Advanced Member

  1. My1

    Security audit

    true enough. although I wouldn't have expected that Sodium gets dropped in v6.
  2. My1

    Security audit

    as I am HEAVILY against W10 I can assure you that I don't have the store version. These are the folder views for enpass 5 and 6 respectively with no sodium to be found.
  3. My1

    Security audit

    btw regarding Sodium, I just did a search on my PC for anything sodium related and I didn't find any Sodium Files in the Enpass related folders. is it that because windows is using something else or is there something wrong?
  4. My1

    Security audit

    well finally we have some visible progress. the Beta of EP6 started, so now we have something to work with.
  5. My1

    Security audit

    @rembert While I fully agree that it is annoying to wait for ver 6 to get an audit they kinda do have a point. Audits are probably expensive as hell and where a new version is in development it would kinda be ugly to audit the old version and users would take that as a reason to not get the newer version, or that users wouldn't trust the new ver as much as the old one.
  6. My1

    Security audit

    okay, well I am not from the US and therefore essentially both LP and Enpass are alien companies for that matter. one of the best things about enpass is that they make it easy to not need to trust them. their database is in a relatively open format and I can choose where to store, or even do the sync myself while letting enpass itself not even touch the internet with a "10 foot pole" as you americans tend to say (I'd rather say ten meter, but that's another story). meaning I could essentially pseudo-airgap Enpass and let for example the Nextcloud client do the sync of everything, which makes it impossible for Enpass to do anything crazy in regards to move data somewhere where it doesn't belong or whatever. regarding seeing your replies, I have an email notif, but even if I hadn't, usually when an account is removed the posts don't vanish and it will mostly remove your picture and other data and say deleted user instead of your username.
  7. My1

    Is it really more safe?

    @ChaosNo1 The security of the data depends on mainly 2 things: access to the database file, and encryption of the database. and let me tell you one thing first regarding 2FA: 2FA only restricts the access to the file, if they can access that some other way your 2FA gets useless, so you can use it to get a bit more extra security (I do so as well) but important: DON'T RELY ON IT. Regarding online Managers, they more than often enough allow for caching the database locally so there is usually also a local copy lying around for those making the only real difference between Enpass and online managers that with Enpass YOU CAN CHOOSE where to store your database. it doesn't have to be your NAS, any cloud provider would also do, and while some may not like the fact that cloud providers have the database, there's another big difference between a database stored in the classic cloud and an online manager. THE SEPARATION OF APPLICATION AND STORAGE. nothing can really prevent a maker of password manager being forced by their government to implement code to get your passwords, but the thing is that when you have the data at some place which is not by the maker they now have a problem because with a strict firewall a sync will only occur to the place you selected, making it harder for them to get anything, and that even more so when you use your own storage.
  8. My1

    Security audit

    has Lastpass been Audited? also Lastpass obviously has the problem that they have your data. also the way LP stores the data is apparently relatively open and based on standards so people can try to check that for themselves.
  9. My1

    Security audit

    the UI I saw was more like this: and reminds me more of keepass. and having a list of categories on the left and on the middle the list of entries and the content on the right (or bottom) isn't really creative, this is a similar thing as what mail clients can do for eternities, and this basic idea which makes sense, it's not really a wonder they look similar.
  10. My1

    Security audit

    no 1pw is not open source as far as I remember. also I have no exact idea when 1pw6 was released but the version before had a drastically different UI.
  11. My1

    Support for U2F

    the only sane way to do 2FA, if any, and that's only if that would work with crypto and smart cards. they can do fancy stuff like signing and therefore decryption might be possible.
  12. My1

    Support for U2F

    I messed up a bit, sorry, just woke up. I mean that as soon as someone has your password database most common 2FA isn't going to stop anyone. a keyfile in contrast only adds a superlong password and a dedicated keyfile, with randomized contents is something that for example a virus or stuff could easily snoop up. in combination with the fact that enpass would be installed a virus could snatch the key file and pw database and get out, and the password could be then bruteforced. other than a real second factor, the key file can be copied a thousand times over and no one would notice.
  13. My1

    Support for U2F

    well 2FA would work if the key file is ONLY in the cloud, as soon as someone got your keyfile through one way or another, the second factor won't matter anymore. meaning you would have to delete it after each sync. but yeah a key file is one approach but essentially just another type of super long password, essentially. if anything a smartcard would be the only option if that's even somehow possible to do
  14. My1

    Support for U2F

    2 Factor CAN NOT WORK properly in an OFFLINE password manager.
  15. My1

    Store Attachments in the Vault

    well some clouds do delta uploads, but the problem is that not all clouds support that, also for delta uploads you have to make the encryption in a way that delta works because depending on the encryption algorithm, the parts that come later may be heavily influenced by what came before so changing an early attachment would instantly change pretty much everything else making delta uploads impossible