cutalion Posted June 10, 2016 Report Share Posted June 10, 2016 I do not want to save all my passwords in the Enpass application because it's not open source. I like that it looks great on linux, android and ios. I'd happy to pay for the apps. But how can I be sure, that it does everything right? 1 Link to comment Share on other sites More sharing options...
Hemant Kumar Posted June 14, 2016 Report Share Posted June 14, 2016 Hi @cutalion Thanks for your question here on Enpass Forums. We are really happy to see your concerns about the security of your data. Yes, Enpass is not an open source software because of the nature of our business. First things first, its the security of your data. Instead of our own proprietary code for Cryptography, we have moved to SQLCipher (which is an open source Cryptography Engine) and is being used in worldwide. You can read more about security-in-enpass here. Being an offline software, your data is never stored on our servers and never leavs your system in unprotected way. You can verify this by using network sniffers on your device. For more you can go through our Security FAQs here https://www.enpass.io/kb/mac-os-x/ Cheers! 2 Link to comment Share on other sites More sharing options...
fnkr Posted July 12, 2016 Report Share Posted July 12, 2016 (edited) On 6/14/2016 at 2:07 PM, Hemant Kumar said: Enpass is not an open source software because of the nature of our business. That you want to sell the software doesn't mean you cannot distribute the source code. Actually, the forum software you're using for this community does it like this. If you buy Invision Power Board, you'll get the source code. It doesn't have to be open source licensed. On 6/14/2016 at 2:07 PM, Hemant Kumar said: Being an offline software, your data is never stored on our servers and never leavs your system in unprotected way. You can verify this by using network sniffers on your device. The fact that Enpass isn't submitting all my passwords to enpass.io right now doesn't mean anything. I'm currently using iptables to restrict Enpass from doing so, but I don't know yet how to archive the same thing on my unrooted Android Edited July 12, 2016 by fnkr 2 Link to comment Share on other sites More sharing options...
4oo4 Posted July 28, 2016 Report Share Posted July 28, 2016 (edited) @fnkr I agree that it would be really cool if Enpass were completely open source (or at the very least, the code for the password generator). As someone who tries to do everything using FOSS I'm willing to use it because the core crypto part of it is open source/cryptographer-reviewed (SQLCipher), with some kind of awesome sauce on top to make it user-friendly/cross-platform (thanks to NW.js, I'm guessing?) I guess I also trust them also because their business model is pretty transparent, and the fact that they are ownCloud-friendly. Have you tried looking at the Enpass app with Wireshark? Edited July 28, 2016 by 4oo4 Link to comment Share on other sites More sharing options...
fnkr Posted August 1, 2016 Report Share Posted August 1, 2016 @4oo4 No, I haven't yet because: On 7/12/2016 at 10:31 AM, fnkr said: The fact that Enpass isn't submitting all my passwords to enpass.io right now doesn't mean anything. And I don't worry about it because: On 7/12/2016 at 10:31 AM, fnkr said: I'm currently using iptables to restrict Enpass from doing so Link to comment Share on other sites More sharing options...
lnh Posted August 12, 2016 Report Share Posted August 12, 2016 On 7/12/2016 at 4:31 AM, fnkr said: That you want to sell the software doesn't mean you cannot distribute the source code. Actually, the forum software you're using for this community does it like this. If you buy Invision Power Board, you'll get the source code. It doesn't have to be open source licensed. The fact that Enpass isn't submitting all my passwords to enpass.io right now doesn't mean anything. I'm currently using iptables to restrict Enpass from doing so, but I don't know yet how to archive the same thing on my unrooted Android Would a no-root firewall like NetGuard solve your problem on Android? Link to comment Share on other sites More sharing options...
anewuser Posted August 12, 2016 Report Share Posted August 12, 2016 (edited) On 12/07/2016 at 5:31 AM, fnkr said: I'm currently using iptables to restrict Enpass from doing so Do you mean you launch Enpass as another user and block all connections from that username with iptables? Edited August 12, 2016 by anewuser Link to comment Share on other sites More sharing options...
fnkr Posted August 14, 2016 Report Share Posted August 14, 2016 On 8/12/2016 at 6:57 PM, lnh said: Would a no-root firewall like NetGuard solve your problem on Android? Basically yes, but I'm already using another app that provides a VPN service (Shadowsocks). Quote (2) Can I use another VPN application while using NetGuard If the VPN application is using the VPN service, then no, because NetGuard needs to use this service. Android allows only one application at a time to use this service. Source: https://github.com/M66B/NetGuard/blob/4ff9a2b/FAQ.md#FAQ2 On 8/12/2016 at 10:45 PM, anewuser said: Do you mean you launch Enpass as another user and block all connections from that username with iptables? Yes. The second user is necessary because iptables does not have the ability to filter packets by application. Another solution would be firejail with --net=none. Link to comment Share on other sites More sharing options...
anewuser Posted August 18, 2016 Report Share Posted August 18, 2016 On 14/08/2016 at 8:06 AM, fnkr said: Yes. The second user is necessary because iptables does not have the ability to filter packets by application. Another solution would be firejail with --net=none. I actually know about firejail, but launching Enpass (and other programs) with it on startup will not hide their windows automatically in the system tray. Link to comment Share on other sites More sharing options...
dbrgn Posted January 10, 2017 Report Share Posted January 10, 2017 I'd also gladly get a subscription if the code would be open sourced. 1 Link to comment Share on other sites More sharing options...
Recommended Posts