Jump to content
Enpass Discussion Forum

Vinod Kumar

Enpass team member
  • Posts

  • Joined

  • Days Won


Everything posted by Vinod Kumar

  1. Hi @Ryan, Thanks for sharing your thoughts. Our current password strength meter was designed primarily for our password generator only. It is entirely based on entropy calculation. Unfortunately it doesn't check for dictionary words because it is very highly unlikely that our password generator will generate a dictionary based password. However, we do check for 10000 most commonly used passwords and mark them very weak. The good news is that a better password strength meter inspired from dropbox-zxcvbn is currently in primary stage of development. I would also like to share that a new password generator (with Diceware for pronounceable passwords) is ready to be rolled out for all supported platforms soon.
  2. Hi all, Interesting discussion. Just to spice up the matter I would like to add few points We do not use delta/diff uploads. If a newer file is detected, sync-engine downloads the whole file from the cloud. After syncing the whole file is uploaded to cloud. Reason being, no cloud other than Dropbox supports delta uploads/downloads. So, a single (all-in-one) monolith database will impact sync performance and data cost. However, one file per attachment will also hamper sync performance/reliability when no. of attachments grow. In my personal opinion, Bigger attachments (images/pdfs) are big no-no for inclusion in main database and must go in separate database. However, there must be an option to allow inclusion of small attachments(<5KB) in main database. BTW, we will start the development for attachments support very soon in the best possible manner. Your suggestions are always welcome.
  3. Indeed Enpass is an offline password manager and saves your data locally in your device and in any case we do not take any of your personal data. But yes, Enpass does connect to internet with the sole purpose to give best user experience. If you have seen a network activity for Enpass, it could be due to any of following reasons: Cloud Syncing: If you have enabled sync with any of your own cloud accounts, Enpass connects to selected cloud account to check and perform sync operation. Checking for update: Enpass connects to one of our domain (http://rest.sinew.in) having the information of latest releases with version numbers for all platforms or share any critical security news. It doesn't upload any information there except your version number and that too only to perform version comparison. In Windows PC version Win-sparkle ( the library used to download the update) also connects to dl.sinew.in to check update. Google and Flurry Analytic: We use Google and Flurry Analytics SDK to constantly improve the App by checking the number of active users per platform. We do not log your master password, key or any of your Enpass data and this practice of using analytics is very safe and you don't need to worry about. Why we do so? As Enpass is an offline password manager and this link is the only medium where we can share any essential information to the user. And most importantly, we respect your privacy to the most and in any case we don't keep any of your personal information on our servers. So you don't need to worry at all. NOTE: Sinew Software Systems is the parent company which develops Enpass and owns sinew.io, sinew.in, enpass.io domains.
  4. Hi @treege All you said is true that keeping the TOTP at the same place with passwords garbles the purpose of second factor authentication. If the master password of Enpass is compromised there is no actual second factor left. For the same reason we did’t add the TOTP support for logins in Enpass for a long time. But there were too many customer requests with references to competitor products showing desperation and a use case.
  5. Hi all, It is confirmed that after any of recent update, ESET is causing the issue by blocking connections to localhost (Enpass browser extension connects to Enpass on loopback address via WebSocket). Thanks @indikator for finding the workaround by adding an exclusion for localhost ESET Advanced Settings -> Web and e-Mail -> Protocol filtering -> "excluded IP-addresses" -> add Cheers!
  6. Hi @Alatriste, Debian based systems (like Mint) never had this problem, it was a Arch specific problem. However, by analyzing the lsof output, it seems root cause is same i.e. EnpassHelper is not running. Please try reinstalling Enpass from repo. Also please post output of following command ls -al /opt/Enpass/bin
  7. Hi Guys, I am sorry for the trouble you guys are facing. Since last Friday, some of the users have reported the issue. It seems there had been some update of OS or any software in your PC, which is blocking connection of browser extension to Enpass. Please help us in dignosing the issue by letting us know 1. If you have installed or updated and Browser extensions recently? 2. Which Antivirus or firewall are you using? 3. Have you installed any additional security software like Trusteer's Rapport etc, and is it get updated recently. Don't worry guys, we're working on it and will fix it soon.
  8. Hi @sergsk, There is no installer version for 32 bit systems. However if you are using debian based system you can install a 32-bit version from our repository. https://www.enpass.io/kb/how-to-install-on-linux/
  9. Hi @Craig, Currently, Enpass autolock behaviour is overrided (always ask master password) when your machine goes idle or sleep. However, a proper setting to enable/disable this behaviour is in development.
  10. Hello @Pedro, Thanks! Added to roadmap
  11. @Matteo Qt has allowed non integer scaling in latest version but it still has too many problems. We are actively tracking upstream developments on regarding hidpi issues https://bugreports.qt.io/browse/QTBUG-50991 and will provide necessary updates.
  12. @Matteo Please try adding following environment variables to force for 150% scale on your primary display. QT_AUTO_SCREEN_SCALE_FACTOR=1 QT_SCREEN_SCALE_FACTORS=1.5
  13. Hi all, We countered the reported issue in Enpass downloaded from AUR repository. The package in AUR repository trims one of the executable named EnpassHelper (Responsible for Pop-up window of extension) which results in change the SHA256 checksum and main Enpass App fails to execute it. This checksum verification for validation against tempered executable on Linux was introduced in version 5.2 (while on other platforms code signature verification was there) and thats why older versions are running smoothly. It seems that AUR installer is removing debug symbols from EnpassHelper, reducing its size from 2.6 MB to 2.4 MB, hence checksum mismatch. The possible fix is: 1. Install Enpass using installer download from here https://www.enpass.io/download-enpass-linux/ 2. Modify AUR build script so that it doesn't modify EnpassHelper binary in any way.
  14. @Plonqor OpenSSL on these systems is not compiled with necessary flag to include ciphers required by SQLCipher/Enpass, hence this error. Anyway we are releasing an update that will use bundled version of OpenSSL instead of system one.
  15. @Tamaskan Qt Hidpi support for Windows and X11 need to be enabled explicitly by app as per qt docs: http://blog.qt.io/blog/2016/01/26/high-dpi-support-in-qt-5-6/ So, It is enabled in Enpass explicitly. Qt doc also says it might not behave well for some users, so provides an environment variable override: Hidpi support is still far from perfect in Qt and still a work in progress (specially for non integer scale factors ie. 1.5[150%] ,1.75[175%] etc) : https://bugreports.qt.io/browse/QTBUG-50991 We are still gathering inputs from our customers whether to enable Hidpi support explicitly or not.
  16. Hi all, Enpass now uses latest version of Qt (5.6) for drawing its user interface. It is supposed to handle scaling on hidpi or scaled desktops by default. If you are facing problems on your pc, you need to override default auto scaling behaviour of Qt using the method suggested by @Tamaskan. Linux ->Add following line to runenpass.sh or set this environment variable export QT_AUTO_SCREEN_SCALE_FACTOR=0 Windows -> Add the follow environment variable in Computer -> Properties -> Advance System Settings -> Environment variables->System variables->New.. with variable name QT_AUTO_SCREEN_SCALE_FACTOR with value 0. Also please share 1. Display resolution 2. Percentage scaling OS is using for that display
  17. As reported by our users Enpass 5.2 on Arch Linux is crashing on start. This is due to change in which we prefer to use system bundled version of OpenSSL instead of our own. But OpenSSL installation in archlinux is missing a required function. Please execute following command use bundled version of OpenSSL instead. $ ln  <your-enpass-install-dir>/libs/libssl.so.1.0.0 <your-enpass-install-dir>/libs/libssl.so
  18. Hi tuhlmann, Are you trying to run Enpass from Terminal? If yes, correct command to run Enpass from terminal is: /opt/Enpass/bin/runenpass.sh Cheers
  19. Hi all, Please try to run Enpass from Terminal with following command: /opt/Enpass/bin/runenpass.sh Let us know what does logs on terminal says when Enpass tries to launch a browser .
  20. Hmm... thats really weird. The issue is certainly related to the default url launching program configuration otherwise it won't work in Gnome as well. An update (with newer version of Qt framework) is just around the corner. I hope it will play well your KDE installation.
  21. Hi superpit, Thanks to letting us know your preference. We have recently released a Universal Version of Enpass for Windows 10 which you can download from Microsoft store. It supports biometrics authentication using Windows Hello. However, there is no provision for biometrics authentication in our traditional desktop app. As Windows Hello is still in beta and has no API available for Win32 apps. We are waiting for official release of any relevant APIs and as soon as we have  them, we will start working on this feature. Although they have an older set of biometric framework but implementing that will really be a pain and moreover they may be deprecated once with the release of new set, so we are betting on Windows Hello only.
  22. Oh, we don't want you to expose your Enpass data in video. We want to see if we can find some hints with video just in case you know how to backup your current data and create fresh sample data. The problem is we are not able to reproduce problem with same setup in our lab. Anyway a new update is going to be released soon, lets see if it can solve your problem.
  23. Hi Guys, Enpass calls QDesktopServices.openUrl to launch cloud login page in default browser, which internally uses system utility xdg-open on Linux. It seems xdg-open is not configured properly on your systems. Try installing or reconfiguring xdg-utils from your distro repositories. Please do let us know if it works.
  • Create New...