Vinod Kumar

Hi @Unsay, The refactoring process has been started as per plan with new vault architecture that can support multiple vaults and many requested features that were not possible with older architecture. Side-by-side, we have fixed a lot of pending bugs for upcoming update which is main cause of slow release cycle as of now. We have also done a feasibility test for a separate core headless app, but as we use Qt in many places in the core part also, it is still going to load Qt libraries at startup and hence no improvement in startup impact. So, we still continue to use our current model (core and UI in same app). However we are finding ways to reduce startup impact as per Microsoft guidelines https://msdn.microsoft.com/windows/compatibility/startup-apps. Thanks

@yce Transferring your master password or a derived key to server is a very bad idea (which is required in case of sqlcipher for php). It is best to do any encryption/decryption related stuff in a native app. If that is not a choice, next best would be to encrypt/decrypt on client side with javascript. User can be authenticated with server without sending master password using Secure Remote Password like protocol and encrypted data can be fetched from server and decrypt it in javascript.

Hi @rerx and @gaetawoo, Thanks for writing in. We do confirm the bug in the password field. It got introduced in a version which allowed to see passwords by tapping on eye button while editing. Our tests runs use standard Google Keyboard and so the issue was not spotted earlier. We have fixed this issue and will release an update soon. As I mentioned earlier, the current Fingerprint implementation in Android is a very secure. Though in iOS we switch to Master password after three wrong attempts from Touch ID but security wise no such requirement arises in Android. A person having possession of your fake fingerprint can unlock your phone and can do lot of nasty things (including get into Enpass in first attempt after unlocking device with that). If one is super sensitive about this, he should not turn on Fingerprint from Enpass (which is by default, off). We always consider you valuable suggestions, which is why Enpass reached so far. We will consider to implement your suggestion for Fingerprint disable as an optional setting in future. Cheers,

Hi @cimm, Glad it works for you. To set these environment variables automatically at login, please add them to $HOME/.profile export QT_AUTO_SCREEN_SCALE_FACTOR=1 export QT_SCREEN_SCALE_FACTORS=0.5 Cheers

Hi @jasn, Thanks for trying Enpass on gentoo. You should install "lsof" as a dependency to fix browser connection error. Also, the proper way to autostart Enpass on system reboot is to enable "Autostart on system startup" option in Enpass settings. Other methods for auto-starting will lead to launch incorrect binary without properly initialing Enpass environment and hence "QSQLCIPHER driver not loaded" error. Cheers

Hi @klktrk, You are right, It should be https://dl.sinew.in/mac/setup/Enpass-5.2.1.dmg. Our server is still supporting both protocols for legacy reasons. However, Enpass.app is properly code-signed and you can check verify signing certificate details with codesign -dv --verbos=4 /Applications/Enpass.app It should validate with following details: Authority=Developer ID Application: Sinew Software Systems (7ADB8CC6TF) Authority=Developer ID Certification Authority Authority=Apple Root CA Also, Mac Gatekeeper(with protective settings) will automatically block the launch of app it is not code signed properly. Cheers!

Hi @Topa, You should set QT_BEARER_POLL_TIMEOUT variable with -1 value. QT_BEARER_POLL_TIMEOUT should come under variable column and -1 should be under Value column. A screenshot is attached for your reference.

Hi @cimm, Enpass does have HDPI support. In most cases it works out of the box, but sometimes you might need to adjust a few environment variables to make it work. e.g. Please try adding following environment variables to force for 150% scale on your primary display. QT_AUTO_SCREEN_SCALE_FACTOR=1 QT_SCREEN_SCALE_FACTORS=1.5

Hi @Airstar, Yes, you're right that TPM 2.0 is required for new hardware but api support for TPM 1.2 has its own limitations, and the one which is restricting the Full time Hello support on Enpass is lack of TPM key attestation info when asked for using the Microsoft provided APIs. TPM key attestation is a protocol that cryptographically proves that a key is TPM-bound. This type of attestation can be used to guarantee that a certain cryptographic operation occurred in the TPM of a particular computer. We use KeyCredentialManager.RequestCreateAsync() API to get authenticated encryption keys to protect the Master password. Now, we need to check where those keys are stored. It can be on a Hardware TPM or a simulated software TPM. To get this attestation information, we use GetAttestationAsync(), which is generated by the TPM chip. Unfortunately, Above api attestation information is only available TPM 2.0 or higher. So, in case of TPM 1.2 (one in your laptop) or a simulated software one, there will be no attestation information. We have no means to distinguish between a TPM 1.2 or software TPM. So limitation of API is the only reason that we support full-time Hello unlocking only on devices where keys guaranteed to be bound to hardware TPM. You can read about the related information in section 3.1 and 3.4 on https://docs.microsoft.com/en-us/windows/uwp/security/microsoft-passport#311-attestation Hope it helps!

@Topa Can I see a screen shot of Envrionment variable, so that I can spot a typo just in case?

Hi all, Thanks for bringing this topic. Enpass encrypted data file is a SQLCipher database. It is not possible to decrypt it without native SQLCipher support in browser. And as far as I know none of modern browsers provide a native implementation of SQLCipher.

Hi @marc kranat, Enpass extension is trying to reach Enpass app through loopback interface. You need to add exception only for localhost ( 127.0.0.1) in your proxy configuration. Cheers,

Hi @Ryan-linux, Thanks a ton for reporting the issues with Enpass DEB packaging. The extra files and typos are certainly the mistakes by packager and shouldn't be there. We will get them corrected in next version. For proper working, Enpass needs latest features and bugfixes in Qt which are always not available in older versions as different Debian based distros provides different versions of Qt. This will add up more time in testing without any significant improvement in quality. And this could flood our inbox with complaints of Qt incompatibility. The current solution, where we provide those Qt libs against which Enpass is compiled and hence a launch script, has been working fine without any incompatibility for many different version of various distros. I wish we had all the time and resources to keep the things align perfectly with DEB packaging guidelines. We appreciate all your love and support for us to keep improving Enpass with every update. Cheers!

Hi @Topa, This work around should work universally on any version of windows. Also, you should logout and login again in order to change take effect.

Hi @s1lvester, Sorry, we don't have any ready to use apis to suit your purpose. This thing is in our roadmap from long time but with a very low priority. I hope someday we will have enough time and resources to implement it, but at the moment we are very busy with other important tasks. Cheers

Hi all, This feature is still in beta. We are working hard to iron out all the bugs as soon as possible and make it public.

Hi @MacFreek, Thanks for writing in. iPhone version currently supports only Basic authentication for WebDAV. We are aware of this limitation and will overcome it in future releases. Cheers

Hi @Anthony, There are no updates for it as of now. Also, We are working on Edge extension that will work with UWP version of Enpass and will be available to download from Windows store.

Thanks @Arthur Rump, noted. Need some time research it further. Will keep you posted.

Hi @claudio, Thanks for bringing this into notice. Although most of the page faults are soft ones, so it should not impact the performance of system. We found that a timer running in our program is causing these page faults, a code refactoring request has been queued for next release to fix it.

Hi @gaetawoo, Thanks for your time for writing a long list of suggestions and bugs. We have noted the same for improvements in future releases. However I would like to discuss first point separately: Firstly let me assure you this is not a security bug. Unlocking by fingerprint is securely implemented in android OS and OS itself restricts a users after n number of bad tries. Nobody can enter inside Enpass without your fingerprint. In other words brute-forcing by Fingerprint is almost impossible. Even if someone knows your device code and tries to add a new fingerprint, Android will invalidate the Enpass fingerprint key immediately and master password will be asked next time. Please see more details here https://www.enpass.io/unlock-using-fingerprint-in-android-marshmallow-security/ On the other hand, if we delete the encrypted master password entirely on fingerprint authentication error (which sometimes happens with genuine users also for various reasons), it will lead to enable fingerprint support again from the Enpass settings and hence user inconvenience without any gain in security.

Hi @Travis, We will update portable version after the next release v5.5, which will bring attachment support to Enpass.

Hi @jhf2442, Enpass doesn't have its own CA store. Default system CA store is used. The demo account you provided is working ok on our phones. Also this may be the problem related to SSLCertificateChainFile: https://community.letsencrypt.org/t/android-doesnt-trust-the-certificate/16498 Mean while we trying to reproduce and figure out the problem.

Hi All, I am really glad to share that Microsoft is working on the required APIs to let applications like Enpass communicate with the Edge browser extension and they have shared a little details with us. Based on those details we have started the development but we will be in a state to announce any ETA only after Microsoft introduce these APIs in one of coming Insider versions. Till then, please bear with us! Cheers

Hi @dAverk, It will happen when Enpass is not able to connect to OneDrive API server. Please check 1. Your firewall is not blocking Enpass. 2. If you are using proxy for internet, try to configure the same in Enpass preferences (Advance -> Connection -> Manage Settings) also.