sxc4567 Posted May 18, 2017 Report Posted May 18, 2017 A key reasons I use Enpass over competing solutions is that I'm keen to keep my vaults local. I know it's all encrypted but prefer to shield myself from future encryption vulnerabilities and brute force attacks... So, in order to sync between my Ubuntu laptop and iPhone, I setup a WebDav server on the office WiFi, which seems to work well. However there's an issue with the iOS app: whenever the WebDav server isn't available, it keeps pestering with red "Error syncing data" banners. These come back a few seconds after being dismissed (the Linux client's UI is better behaved, simply colouring the sync icon red). Thankfully these banners aren't too intrusive but I'm wondering what they imply; presumably every re-appearance means the app has again been looking for the server. An attacker could observe this behaviour and try to exploit it. May I suggest some ways to improve this? Provide a "manual" (vs. the current "automatic") syncing option and a button allowing the user to explicitly request a sync from the client (the Linux client sort of has this: a "sync now" button under "Status: couldn't connect to server"). If the client/app is in "manual" mode, then sync only occurs when explicitly requested. Automatically switch to "manual"/"offline" after a number of repeated automatic sync failures rather than keep trying. (smart feature): offline/online behaviour could be tied to a WiFi network (ie: sync is auto-enabled when on a known network). These three features are incremental improvements; ie: one could start with feature 1. for the bare minimum which would address the current shortcoming. PS: Clicking "Disconnect" in the Sync settings pane is definitely not a solution as it clobbers the complete sync settings. Many thanks! Chris
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now