Jump to content

Hitman

Members
  • Content Count

    27
  • Joined

  • Last visited

  • Days Won

    5

Everything posted by Hitman

  1. Hitman

    Steam TOTP Support

    Steam implements TOTP with a different alphabet. The basic algorithm seems to be the same as usual TOTP, but the representation of the token is different. An example implementation can be found here: https://gist.github.com/mooop12/1af7f0ffc8f28ea76f27abcba1e6da01 It would be cool if Enpass added support for these token types (maybe even as part of Enpass 6? :-) ) To not clutter the UI, maybe you could take the road of Bitwarden which uses a URL scheme to support different token types (no schema = default TOTP token, special token however could be steam://xyz123abc456).
  2. Enpass will already create a sub directory called "Enpass". If you want it further down, simply add the directories to that path. (for example https://<your-owncloud-host-domain>/remote.php/webdav/some/more/directories ... you may have to create them in advance, I guess)
  3. Hitman

    How-to Export Enpass6 data to Enpass5 ?

    Well this is strange ... I use it daily on multiple Linux and Windows Workstations with keyboard and mouse and everything is fine here. I like the look and feel and also the added animations (although I would not need them). So from my perspective it really is a UI polish on top of Enpass 5. Which brings me back to my initial point: it is subjective.
  4. Has you primary vault been created with a previous Enpass 6 beta version? Because the layout of the folder structure changed (the previous beta versions used a further subdirectory called "Enpass 6 Beta" ... simply move the vault out of that directory then it should work).
  5. What do you mean by that? You cannot access the same (shared) vault from Android and the Windows App? Are you sure the versions are identical? There is currently Enpass 5 (stable) and Enpass 6 Beta. They are not compatible (you can only convert from 5 to 6, but not back). Please check that you have Enpass 5 on Android and Windows or use the Beta on both systems (but don't forget that it is a beta ... keep backups!) Regarding having to type the master password on desktop: I usually prefer the PIN. i.e. I have to enter the Master Password only when starting Enpass, from then on out it is enough to enter a (relatively) short PIN. Having to enter the Master Password after a reboot (or after restarting Enpass) is something I can live with. At least on a machine with a physical keyboard. So at least for the time being you could look into the PIN feature as alternative to the fingerprint (on Windows).
  6. First of all, you should test before you buy. The free versions do work. But regarding your problem: what exactly do you mean by they don't work together? I have enpass running on Mac, Linux, Windows and Android and they all are synced via WebDAV. So I would say they work together pretty good. Also on my Android device the fingerprint unlock works fine .... can you be more specific what doesn't work on android and how that manifests?
  7. Hitman

    Windows Desktop is no longer for free!

    Paying for premium features is still far from non-free. You can still manage all passwords without restrictions. As far as I can tell, you don't lose anything in comparison to Enpass 5.
  8. Hitman

    Enpass 6 beta for Linux is now available

    Beware that the repo changed. So you may have to update your apt.sources.
  9. $ lsof -v lsof version information: revision: 4.91 latest revision: ftp://lsof.itap.purdue.edu/pub/tools/unix/lsof/ latest FAQ: ftp://lsof.itap.purdue.edu/pub/tools/unix/lsof/FAQ latest man page: ftp://lsof.itap.purdue.edu/pub/tools/unix/lsof/lsof_man constructed: Wed Mar 28 21:26:35 PDT 2018 constructed by and on: builduser@anatol compiler: cc compiler version: 7.3.1 20180312 (GCC) compiler flags: -DLINUXV=414008 -DGLIBCV=226 -DHASIPv6 -DNEEDS_NETINET_TCPH -DHASUXSOCKEPT -DHASPTYEPT -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -DHAS_STRFTIME -DLSOF_VSTR="4.14.8" -O loader flags: -L./lib -llsof system info: Linux anatol 4.15.13-1-ARCH #1 SMP PREEMPT Sun Mar 25 11:27:57 UTC 2018 x86_64 GNU/Linux Only root can list all files. /dev warnings are disabled. Kernel ID check is disabled. Enpass claims to be version 6.0.0.197 The Browser extension claims to be 6.0.0.56 (Chrome) I have currently only one user session - ("ps ax | grep enpass" only contains one entry) ss -a - l -n -p reports "tcp LISTEN 0 128 0.0.0.0:10391 0.0.0.0:*" All my systems are running ArchLinux and I have that problem no matter what desktop environment I tried (gnome, cinnamon, kde/plasma). Is there anything else I can check for? Oh and Enpass 5 worked on those systems and as far as I can tell the first beta of Enpass 6 as well.
  10. Different problem for me ... the window doesn't even show. (Also I'm usually not using KDE, but tried it there as well without success). Interesting though ... I looked into the chrome debugger and the extension apparently tries ports 10394, 10395, 10392, 10393 and repeats .... it does not however try port 10391, where Enpass actually listens on.
  11. For me it is also still not working (both Enpass and the Chrome extension are up2date).
  12. Hitman

    New beta, old data

    Backup from old, restore to new. If you synchronize via a cloud provider, you should also be able to manually "update" the file system. The old beta used a subdirectory "Enpass6 Beta", the new one doesn't ... so simply move the vault out of that directory. (Or better yet: copy it out so you have a backup :))
  13. I would actually prefer to simply buy a license key I can use anywhere I use Enpass (which would be multi platform as well). Btw: why don't you have a donate button? Or a feature bounty program? (so I can donate to have a specific feature implemented) That would all be pretty nice ways to support you guys and wouldn't force you to force us to pay ;-)
  14. Hitman

    Enpass 6 beta for Linux is now available

    For consistency with the other releases for OSX and Win32 I would prefer AppImage. Then it's a single downloadable file like for the other operating systems.
  15. Hitman

    Cloud, network sync

    Raspi + Nextcloud (or a simple lightweight WebDAV server) could be a good choice. Or any NAS. Direct Device 2 Device would certainly be a cool thing (especially if they can discover each other over your local network), but I think having a little server in the middle should be doable. Or you simply host the WebDAV server on your PC ... many possibilities :-)
  16. Hitman

    MFA when entering master password

    Well, the online password managers I know (1Password, LastPass, Bitwarden) don't support a higher level of security as well. They use your master password (well, a derivation of it) together with an optional second factor (for example TOTP) to grant you access to the encrypted storage (that is basically the same as the webdav/icloud password in your case) and then the encrypted data gets decrypted locally using your masterpassword. So from that standpoint you should not be more insecure than with these solutions ... only difference being that you have complete control over storage (you ware not forced to use icloud :-)) and that enpass works 100% offline as well. If you simply stop synchronizing with icloud, your local file is still fine. Anyway: Enpass 6 has keyfile support. If you enable that (for a vault), you then need that together with your master password. Is this maybe enough to cover your case(s)? Then give the Enpass 6 beta a shot. For me it works reliably enough already and afaik the final versions should not be that far out. (Plus: I like the multi vault support!)
  17. Hitman

    MFA when entering master password

    IMHO it currently already is two-factor. The first factor is access to the (encrypted!) file. So you usually need username/password to even access WebDAV (or whatever cloud storage you use). So an attacker first has to get past that. If he/she manages that, the file is still encrypted with your master password. I handle it via NextCloud. My account there is protected with a second factor and for each individual Enpass installation I generate an application password to use (since I obviously cannot use a TOTP token for sync). I guess you cannot be much safer than that. And that is nothing that Enpass can change.
  18. Tried that, didn't work :'( (Also the other machines use Cinnamon where I do not have that option, afaik).
  19. For me it's even worse. The first click on the Enpass icon does nothing, all further clicks show a "enpass is not running" error (although it is running). I guess some background process dies right after the first try. This happens with Chrome based browsers and Firefox as well. On Windows it works, though. On all my Linux machines it currently doesn't.
  20. Hitman

    How-to Export Enpass6 data to Enpass5 ?

    Great work picking out the one point of my post that was even marked as being my opinion and completely ignoring all the objective points I listed otherwise. Nice style! I'm talking about User Interface, while you are talking about User Experience. The UI has more features than the Bitwarden UI. It's as simple as that. See examples above.
  21. Hitman

    How-to Export Enpass6 data to Enpass5 ?

    More locked in? Enpass 6 has an awesome export. You can export your complete vault to a JSON file which contains a lot more information (in a much more structured way) than Enpass 5 did (or a lot other password managers, for that matter). I also tried Bitwarden (simply because it's OpenSource), but it lacks a lot of polish that Enpass has (UI wise, IMHO). I miss custom field reordering, custom field categories, the templates and I cannot edit/add items in Bitwarden while I'm offline. Also Bitwarden "only" encrypts field contents, but not the structure of your vault items. While this is not a huge risk, I still don't like leaking metadata. All in all I feel a lot more safe and in control with Enpass. And thanks to the new multi vault feature I can also cover family or work shared items now.
  22. Hitman

    Fingerprint unlock behaving erraticaly

    Same problem(s) here. It is really annoying currently to have to type in the master password that often. Out in the open I have to type a long nasty password on a smartphone display where everyone could watch .... that's exactly something I do NOT want and one of the reasons to use a password manager in the first place. From the way it manifests I can only assume it is a bug (and not by design). Which gives me hope. Otherwise it might become a show stopper for me :-/
  23. Hitman

    First Beta of Enpass 6 for Linux is out!

    I have the same problem with the current beta. With the previous beta it was working flawlessly. (Tried with Firefox and Vivaldi).
  24. Hitman

    Hope dies last, but it dies.

    Me too, that's why I need a Linux Build. A missing linux build is why I can't use 1Password, for example. Cross-Platform support is important, so I'm very grateful that the Enpass team keeps up their good work. The most important thing is, that the final product works as flawless as possible, and their beta cycle(s) are there to ensure that. (Not to mention that they JUST released a new build for all platforms ;-))
  25. Hitman

    Enpass 6 encryption details

    Wow, thanks for being so forthcoming with these information. That really shows that you take security seriously (because obscurity won't work). Enpass rocks!
×