Jump to content

Ivarson

Members
  • Content Count

    64
  • Joined

  • Last visited

  • Days Won

    6

Posts posted by Ivarson


  1. Yubikey-support is mandatory for me as well. 

    Currently, I only use Enpass for storing TOTP-codes, and my first factor passwords are stored in a kdbx with Keeweb, which has excellent yubikey support and crossplattform for desktops. 

     

    • Like 1

  2. I had a vault of 4MB (300 items, 2 small but separate attachments, and many (maybe 50) custom icons in the database. 

    When deleting _all_ items, and emptying trash, the database was still huge (don't remember if was 4MB or shrunk to 3MB but it didn't slim down. 

    I made sure to delete every single custom icon. 

    Is this by design? (I know some databases and containers won't shrink / deallocate because of performance or security 


  3. On 6/1/2020 at 1:51 PM, Garima Singh said:

    Hey @enpass pin

    Thanks for using Enpass and writing to us.

    Please refer to this FAQ. To add extra randomness to your Master Password, you can use a KeyFile in Enpass. A KeyFile gets appended to your Master Password before the actual encryption or decryption of your data happens. So, even if someone, somehow gets access to your data and your Master password is also compromised (a worst-case scenario), your data is still safe as the Key-file (stored on your device) is required to decrypt your data.

    For more details, please refer to this link to our user manual page.

    Thanks.

    OP made a feature request;

    He wants Enpass to lock the database after 3 attempts, and then send an email to it's registered owner with a OTP to unlock it again.


  4. I just discovered hotkeys Ctrl+<up> and Ctrl+<down> for navigating in the left sidebar.

    But Ctrl+<key> skips sub-tags and imploded menus, so one has to expand them beforehand.

    Why not add Ctrl+<left> and Ctrl+<right> to expand nested tags as well as imploded menus so we can see everything without interacting with the moues?

    Thanks in advance


  5. ok, again the message you recieved in the browser is expected when using a browser to that url.

    But since its there the dav seems running.

    Backup enpass vaults and then remove data and set up sync again.

    If you're using external storage in nextcloud for enpass id then start checking those.

     

    Check the Log within nextcloud, esp. if youre using external storage.

     

    here's how you can investiage apache-logs, if you're not familar with it already.

    sudo apt install multitail -y && sudo multitail /var/log/apache2/access.log

    or grep your IP if you have much traffic to it

    egrep "192.168.1.123" /var/log/apache2/access.log

    You should see som PROPFIND and GET from your client reaching the Enpass-data and at least one response code if 200. redirects like 300 and forbidden 400 is fine.

    You should not see response codes of 500.

     


  6. On 3/5/2020 at 5:34 AM, avinator said:

    I've used enpass for a while now and I gave my email address to unlock some features...here were I am confused.. I installed a new os and installed a new copy of enapass..

    in the past i had to restore my database from a local file. Today, when I opened Enapss it prompted me to a password window. I entered my password and next think I was asked for was an email address which I entered and a security code was email to me. After entering the 6 digit code my vault opened up listing all my passwords...

    I thought passwords are stored locally. obviously they're not. What am I missing here ?

    Maybe you retained /home partition during reinstall, if it was a separate one. 


  7. On 2/11/2020 at 9:57 PM, IslandBoy said:

    It is exactly an issue of Enpass. You will see this if you follow the diagnostic I posted. There are 3 ways to close Enpass. 1 works, 2 don't. Clearly they are different. If you don't believe me, do the different close-downs and look at Task Manager. But please don't disagree with an untested "opinion".

    It's well-known behaviour that apps in windows goes to systray when clicking 'X' in upper corner or Close. Especially when it has a reason of living permanently during the logged on user's session like Enpass does to serve queries from your webbrowsers plugin. 

    It also makes perfect sense that the files are locked while the app is opened since Enpass needs to respond fast upon a query from a plugin or a keyboard shortcut is pressed, and also it does background sync while being locked

    It's techincally possible to release the file allocations while app is still running, but it's error-prone, and Enpass has builtin Sync so there is no point.


  8. Not sure if this is an issue of enpass. Enpass has its sync mechanism, mixing in another sync mechanism (Onedrive) is not ideal,generally speaking.. 

    If you install the Store version, I think your db will reside in appdata rather than Documents, otherwise I'd stop syncing Documents if possible, Onedrive's default location is directly under user's home folder. 

    Doesn't seem like you're able to exclude files yet in Onedrive https://answers.microsoft.com/en-us/msoffice/forum/all/stopping-onedrive-from-syncing-specific-files/e5f3fd2e-6ec4-403b-9435-1ada19026919

    At least not Onedrive personal, but for Onedrive Business the admin can apparently do it 


  9. I dont think Enpass was targeted, there where easier, standardized targets with APi's like you mentioned. They also stole oath tokens meaning that no matter how you store your password, the resulting granting "ticket" for e.g Google or Microsoft Live was passed on.

    But of course Enpass wouldnt sustain a root-level threat like that if being targeted. The security of an individual app cant hold up if security of underlying operating system is broken.

     


  10. Good respone @Hemant Kumar, but I think another thing is the sellingpoint of Enpass.

    While some other password manager have their sourcecode opened, they offer subscriptions, onlinestorage and/or sync of the vaults.

    Enpass moto is "No subscription" and "...nothing is stored on our servers".

    What enpass has is a good piece of software especially considering the cross-plattform UXP with clients for a broad range of operating systems.

    While it still lacks autotype, it's still unbeatable at being everywhere; from Linux desktop all the way to my wrist.

    Opening up the code completely would lead to numeruos forks on Github in no time, and the golden egg wouldn't..well there would be more eggs..

    And, sure the third fork could have a oneliner backdoor implemented, but that applies to all software on github.

    IMHO it's fully understandable if Enpass having 25 employees with paychecks working hard on numeruos platforms wants to keep an ace in their sleeve, it's just happens to be one of the _worst_ software categories to keep behind closed bars nowadays :-)

    While I was one of those asking for an audit, which you did (kudos again), perhaps you could still conscider opening parts up in a distant future.

    For instance, in version 6, core and UI is written separately, perhaps you could open up the core code, leaving GUI propriertary?

    Or, open up core+UI but leverage some extra parts only through licensed stores which you're already doing (Pro).

    E.g Enpass could be available FOSS on Github, but the cloudsync would only be available on your site, (still free for desktops)

     

     

     

    • Like 1

  11. I had this issue too, probably something with play store or play services. Had to clear data for play store to solve it. 

    Surely the database itself isn't truncated just because it you're back to eval, it's just the view on the mobile devices that's being limited. 

     

    So you can always view it on a desktop 

×
×
  • Create New...