Jump to content
Enpass Discussion Forum

Cassiano Leal

  • Posts

  • Joined

  • Last visited

Posts posted by Cassiano Leal


    On 22 May 2016 at 2:05 PM, edenhaus said:

    Hi @Cassiano Leal,

    as you can read above, it already was decided to attach any kind of file and not only images.

    I disagree with your suggestion. First if you copy the wallet to a different location, you must verify that you copied all attachments. Next if the program use absolute paths, then you will get an error after copying it somewhere else.

    For syncing: As I have already written it in the post above, it is possible to sync only the difference of the file and not the whole file! I'm not sure if Enpass is using this function, but I think so.

    At the end your suggestion is more work for all, the developer to implement a function, which create encrypted attachments is a external file (I mean with external outside of the wallet) and for us customer, because we must be carefully, when we copy the wallet. Some people don't trust the cloud at all and manually copy the wallet to the different clients; Copying a single file is easier. On developer side it's easier to have all files in the wallet, because you only have to verfiy if the wallet is valid and not the whole attachments files... I don't to say more specific things, because I think it is clear, what I want to say.


    Hi @edenhaus,

    Great thing that all kinds of files will be attachable.

    Now, I've never suggested that the separate files reside on arbitrary locations. The "wallet" could be a bundle, like a directory composed by many files, entirely managed by the Enpass application. So I'm not suggesting to create anything *outside* the wallet, but rather expand the concept of the wallet to a file tree instead of only a file. This way the deltas could also be made smaller by splitting the main wallet into several smaller blocks, but that's for another discussion.

    You mentioned "if the program use absolute paths". Well, let me just say that, as a software and operations engineer, if I ever find out that Enpass is using absolute paths for *anything*, I'll ask for a refund of what I have already paid and cash out on the more expensive 1password or another alternative. Reason being that it would be sheer incompetence to do that, and I could not with my sane mind trust my passwords and other secrets to an app written by engineers who do that.

    Your last paragraph is also moot, because, again, I've never suggested having files dropped in arbitrary locations. I suggested separate files, which is a completely different thing.

    Also... More work for the developers? They are going to go through all the process of analysing, designing, breaking down into stories/specs/whatever they use to track activities, etc. Surely however they choose to implement this will require quite a bit of work, so making it work well and play well with syncs is probably a good acceptance criterion.

    Also, by having large attachments as separate files, they can potentially be lazily loaded, which is great for mobile devices.

    I hope that makes what I wanted to say clearer.


  2. I think this is a required feature. There are many things that don't fit in regular fields: SSH keys, authentication certs and keys, other secrets.

    Anyone from Enpass team care to give their view or an update?

    As a suggestion, attached files (chiefly binary files such as images) could go on a separate file from the main wallet; perhaps even one encrypted file for each attachment, or for all attachments of any particular item. That would speed up syncing as the database size grows.

  3. @edenhaus I disagree. I find the password generator's UX to be lacking. The fact that I had not realised that the bars were an absolute number of characters of each type is an example of that.

    On top of that, I have my default password length set to 32 but some websites have a lower maximum number of characters. That means every time I want to create a password for one of these, I have to change my recipe and then change it back afterwards.

    Thanks for the heads up though, it's really helpful. I have now adjusted my bars to account for the (hidden) lowercase char type.

    @Hemant Kumar I would suggest that the bars on the recipe generator did not translate to absolute numbers of characters of each type but rather weights, so that whatever the total number of characters my password has, it will auto-adjust. It might also make passwords a bit less predictable if the weights wouldn't always translate to the same number of characters relative to the total. A little bit of randomisation would be nice.

    The fact that there is a hidden character type (lowercase chars) smells of really bad UX as well, so I'd appreciate if that were fixed.

  • Create New...