An interesting and important question that was already raised, but not yet answered, in another thread:

Is Enpass' built-in password generator part of SQLCipher or otherwise (if yes, how so?) open source and therefore trustworthy?

I currently feel no need to demand to make the whole application open source as long as the security-relevant parts are. But the password generator is one of these and therefore a reassuring answer would be nice.

If it's not open source, what are the plans in that regard? If it is, I think you should advertise that on your website, too.

Edited November 26, 20169 yr by Patneu
Tag added

+1

Hi, guys!

Thanks for writing in. This year we have plans to refactor Enpass, and we are also considering to open source few components (those which do not conflict our business interests) including the password generator.

Cheers!

Ok, sounds promising. I'm looking forward to it.

I am another person who would absolutely buy enpass if it was open sourced. Since it is not, I have very little way to be confident in the security of the platform and am not willing to entrust my data to it.

I hate to be a classic "I won't buy this and neither will my 500 friends", but I was really excited to hear about your product, and really disappointed to find out that it is closed source. I appreciate you have "business interests", but those business interests prevent me from purchasing a subscription for myself and my partner. It's a paltry two sales, but maybe those might add up?

As an aside, my (limited) experience shows that when companies say they can't open source software because of "business interests", that is because those business interests are at the expense of your users.

Edited March 30, 20178 yr by stooj
Edited for clarity