wachschaf

  1. Sorry for reusing this topic from last year, but I have the same problem under macOS, too. I have added my own root certificate (public key from my CA) to the macOS keychain and marked the certificate as trusted. But I still get the error message from Enpass that the certificate isn't valid. Under iOS, Enpass works fine without activating the switch to bypass the certificate check. If I access the web frontend of the WebDAV server via HTTPS, the certificate is shown as valid. @jankkm, @Anshu kumar do you have any idea why Enpass thinks that the certificate isn't trustworthy?
  2. Hi @Anshu kumar, nice to hear! Looking forward to the release of Enpass 6 and iOS 12! Have a great time!
  3. Hi Enpass Team, are you planning to support the new Password AutoFill feature of the upcoming iOS 12? It's a very comfortable way to autofill passwords from third-party password managers like Enpass, especially for signing in to iOS applications, where copy and paste is still necessary right now. Best regards, Wachschaf
  4. Hi @Akash Vyas, this is really frightening to hear! This means that even if Enpass is locked via PIN, the passwords still remain DECRYPTED in memory (RAM)?! In this case, the vulnerability of Enpass is much higher than I expected!!! Especially if any malware/virus that uses a highly critical security gap like Meltdown can access other processes' memory! Sorry, this is absolutely unacceptable for highly critical software like a password manager! How far have the attempts to refactor Enpass progressed, which were mentioned by @Hemant Kumar in your referenced discussion? Best regards, wachschaf
  5. Hello Enpass Team, happy new year to you! I'm a very happy user of Enpass and its perfect usability. But for some weeks I have been frightened about the usage of password managers because of the released information regarding Meltdown and Spectre (CVE-2017-575, CVE-2017-5715 and CVE-2017-5753). Especially Meltdown can lead to a dump of the memory of applications like password managers, which are one of the most valuable targets! I know that microcode workarounds for CPUs and OS bug fixes are on the way, but I want to ensure that you have implemented Enpass in a way that minimizes the possibility of extracting our passwords via such vulnerabilities. Can you please give us some information on how you protect our data against such issues? For example: When do you decrypt the passwords and store them in RAM? When the user unlocks Enpass, or when the user requests one specific password? Do you always decrypt all passwords or only the one which is requested? I know you use SQLCipher as the backend. Does this mean that the whole database is always decrypted after unlocking Enpass? Please let us know some details. This is very important, especially as long as no audit of Enpass exists. Thanks in advance for your detailed explanation, wachschaf