Jump to content

Search the Community

Showing results for tags 'spectre'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • General discussion
    • Hot topics
    • Enpass Support & Troubleshooting
    • Autofilling and Desktop Browser Extensions
    • Data Security
    • Announcements
  • Help us improving Enpass
    • Feature requests
    • Enpass Beta
    • Localization
  • General discussion

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Found 1 result

  1. Hello Enpass-Team, happy new year to you! I'm a very happy user of Enpass and it's perfect usability. But since some week's I'm frightened about the usage of password-managers because of the released information regarding Meltdown and Spectre (CVE-2017-575, CVE-2017-5715 and CVE-2017-5753) Especially Meltdown can lead to a dump of the Memory of Applications like Password-Managers, which are one of the most valuable targets! I know, that MicroCode-Workarounds for CPUs and OS-BugFixes are on the way, but I want to ensure, that you have implemented Enpass in a way, to minimized the possibility to extract our passwords via such vulnerabilities. Can you please give us some information, how you protect our data against such issues? For example: When do you decrypt the passwords and store it in RAM? - When the user unlocks enpass, or when the user requests one specific password? Do you decrypt always all passwords or only the one which is requested? I know you use SQLCipher as backend. Does this mean, that always the whole Database is decrypted after unlocking enpass? Please let us know some details. This is very important, especially as long as no audit of enpass exists. Thanks in advance for you detailed explanation, wachschaf
×