Vinod Kumar

Hi all, Attachment support is currently under development. Also, as we already have a discussion about single file database vs split database in this thread, I would like to give an update on that. Having too many request for attachment support, a time factor was also added in decision making. We have decided to take single file monolithic database approach first. It will take much less time to implement and test. Split databases for large attachments will be implemented later on.

Hi @kanenjarrus, Everything looks right. clouldfront.net domains (dl.sinew.in runs on Amazon cloudfront ) are used to serve update files. 1e100.net is a google domain used by analytics. comodoca.com is a Comodo's domain ( certificate issuing authority for our exe), which is reached by OS to verify authenticity of our executables.

@Ronit, MS guys are optimistic about it. I was told two months back that "this is something we are investigating for a future update" by one of MSEdge Dev team representative. Follow the similar discussion here:

Hi @ttrepper, Thanks for your interest in Enpass. Enpass uses AES-256 cipher. Please go thorough our security page to know more about how and which library is used.

Hi @Andy Long, Yes it will be part of next beta.

Hi @72enpass, Are you using Webdav/ownCloud Sync? A similar issue had been reported earlier on linux with 5.2 update with Webdav/ownCloud: However, It was not observed on Mac OSX. We tried to reproduce it in our test lab Macs but it works fine here. It would be nice if you can provide us a demo webdav account on your server for further investigation.

@jane yes that's the plan.

Hi @jane, Enpass core is SQLCipher (open-source) and unfortunately, there is no SQLCipher javascript SDK available that can be used in browser extensions. So, We can't provide a standalone browser extension. We have already applied for inclusion of our edge extension in windows store but there is no reply from Microsoft. Probably, because use of above listed workarounds. Ideally, an UWP app and its companion Edge extension would be a killer solution in Windows sandboxed environment. It is only possible if Microsoft provide above listed APIs. We have reached out to Microsoft about these and they said "this is something we are investigating for a future update". We have all eyes and ears open and will start the work as soon as APIs will be available.

Hi @Xinamo, The upcoming version 5.4 is planned to have better password strength meter (dropbox-zxcvbn based).

Here, 0.0.0.0:* in foreign address field signifies an invalid address. Enpass is listening on loopback address only, it is so secure that addresses only in the 127.0.0.0/8 range can make a connection, which is a range exclusively reserved for connections only possible by other processes running on that system. Secure is a relative definition in this context. The data transmitted is not secure from you (or anyone with root access of the machine). You can dump and analyse the data. But it is secure from anyone else, because communication is only happening over loopback. We use various other measures to restrict the processes who tries to connect to Enpass. You can probably have a look at this link (https://www.enpass.io/docs/desktop-mac/browser_ext_working.html) to know how browser extension communication works.

We are planning to add Folder sync to Android version in next major version. Thank you will be able to sync both Android and Desktop app data through method of your choice via third party sync tool. We can't add folder sync to iOS though, as iOS apps are strictly sandboxed.

Hi @Kevin Fulton, Thanks for notifying the issue. This is a Qt framework (used by Enpass) issue. It keeps polling network status every 10 seconds by default. This is reported here: https://bugreports.qt.io/browse/QTBUG-40332 https://bugreports.qt.io/browse/QTBUG-46015 As a quick solution, add following environment variable in your system. It will turn off the polling. QT_BEARER_POLL_TIMEOUT=-1

Ok found the problem. We use QDesktopServices to launch browser. It is happening when Qt used by KDE is newer than Qt shipped with Enpass. We are planning to abandon use of QDesktopServices in next version and use xdg-open instead to avoid this type of problem. As a fix, you can either Setup Enpass sync in a desktop manager other than KDE or use folder sync for now.

@sysfu That's just a warning because you are using a version of OpenSSL that is different than the one used to build Qt libraries shipped with Enpass. Nothing to worry about. Crash is something to be worried about. Did you tried beta 5.2.4?

Hi @Joss, Thanks for your suggestion for fuzzy search. Currently, Enpass reverses the package name to find the associated domain name and that domain is used to find all items having a matching url. We are also adding an option to add package name/url to an item when it is used for autofill after search, so that next time user have that item available without performing search.

Hi @Bigfire, You might have tried Enpass in past. It is now detecting your old data in ~/Documents/Enpass folder. Just remove or rename this folder and restart Enpass. Than you will be able to start over with Enpass again.

Hi @Anthony, The High-DPI settings are controlled by environment variables. You need to re-login into your window session or restart device in order to new High-DPI settings take effect.

Thanks all for your inputs on this matter. Here I would like to point out how Enpass differs from an online service. In online services, user has to prove his authenticity to service provider (other party) to access the resources. An online services typically authenticate based on username/password and additionally second factor like TOTP etc. Once, you are successfully authenticated, it will send the required data to you or perform any other operations on your behalf. While in case of Enpass there is no one controlling your data at other end. You are the sole owner of your data as it is on your local disk. So, your data is always with you without even a single factor. However, it is always encrypted with your master password. So, Enpass is just a tool to decrypt that data for you if you provide correct master password. But it doesn't mean that we don't want to take our chances with Yubikey. You guys are right saying that we can add Yubikey support by splitting master password in two parts (user provided + static from Yubikey) and definitely the approach will work. However, Yubikey is not compatible with all mobile devices. We have to wait until Yubikey supports all major mobile platforms before promising anything to you. Also, we have limited resources here and at the moment, we are very busy with other important features like attachment support. @Niko_K the link you sent is experimental code and offers security and have limitations as above solution. Thanks again for all your inputs guys.

Hi @JohnF, UWP support for Enpass extension for edge is only possible when Microsoft provide a way/api to communicate between a UWP app and Edge extension. Currently all other workarounds (which traditional app is using) are blocked by Sandbox restrictions of UWP app.

Hi @Kevin van Mierlo Sorry, We can't make it optional (api restrictions by android). I would like to know other users opinions on it whether we should remove this feature or not.

Hi all, Sorry for inconvenience. Confirmed the issue on latest preview build although it works properly on stable build. We have fixed the issue and will roll out an update soon.

Hi @Tamaskan, Thanks for reporting this issue. Currently, modifying runenpass.sh is the only solution. We always try to keeps bundled Qt updated. We are still evaluating the changes made in Qt licensing policy since Qt 5.7, so it might take some time to ship updated Qt version with Enpass.

There is already a discussion on this feature request

Hi @Philip Colmer Thanks for notifying. Added to roadmap.

Hi @kiwiant You can edit/add a text field and mark it as sensitive. It will be concealed by bullets in detail view.