Jump to content
Enpass Discussion Forum

Domi

Members
 View Profile  See their activity

  • Posts

    4

  • Joined

  • Last visited

 Content Type 

Posts posted by Domi

  2. iPad/iOS: Crash/Freeze/No Autofill under 6.8.3

    in iOS

    Posted · Edited by Domi

    On 11/1/2022 at 9:54 AM, Manish Chokwal said:

    Hey @pineman,

    It is appreciated that you informed me about the existence of this issue. My team has been alerted for further investigation at a high priority. In the meantime, your patience is highly appreciated here. 

    Still the same error on 6.8.4, w/ iOS 16.0.2. 
     

    I also tried to create a new item, but still the “no information…” thingy in the browsers.

  3. [NEWS] Some Password Managers Expose the Data they're Designed to Protect

    in Data Security

    Posted

    On 2/26/2019 at 1:26 PM, Vinod Kumar said:

    Enpass is composed of two parts, Core and UI. The Core part is entirely in C++ and we have done extensive memory sanitization there. Almost always, UI part is responsible for leaking secrets because once an item is displayed in UI, we don't have control over its internal UI buffers. We have to depend upon garbage collector of framework/language to finish the work. One possible solution is to create custom controls for everything related to password and here is what we have done in various scenarios:

    1. Master password is always scrubbed just after unlocking your database or usage on any other screen. Our custom editor control for master password input ensures this. You will almost never find a trace of master password in memory.
    2. Only the password, you are currently interacting  is loaded into memory and scrubbed after its usage. The UI control to view a password is a custom control.
    3. Editing passwords - This is the only time we use stock UI control to edit item password. For better user experience, we are not using the same custom control we use for master password. This password may or may not be found in the dump depending upon when it was freed by framework.

    This is impressive and amazing to read, especially if you're a developer and you know exactly how much effort it takes to prevent such memory leaks. Developing UI controls from scratch and skipping on stock / framework UI controls to ensure security is quite a thing. Thanks!

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue. Privacy Policy