Jump to content
Enpass Discussion Forum

Open source


cutalion

Recommended Posts

Hi @cutalion

Thanks for your question here on Enpass Forums. We are really happy to see your concerns about the security of your data. 

Yes, Enpass is not an open source software because of the nature of our business. 

First things first, its the security of your data. Instead of our own proprietary code for Cryptography, we have moved to SQLCipher (which is an open source Cryptography Engine) and is being used in worldwide. You can read more about security-in-enpass here

Being an offline software, your data is never stored on our servers and never leavs your system in unprotected way. You can verify this by using network sniffers on your device.

For more you can go through our Security FAQs here https://www.enpass.io/kb/mac-os-x/

Cheers!

  • Like 2
Link to comment
Share on other sites

  • 4 weeks later...
On 6/14/2016 at 2:07 PM, Hemant Kumar said:

Enpass is not an open source software because of the nature of our business.

That you want to sell the software doesn't mean you cannot distribute the source code. Actually, the forum software you're using for this community does it like this. If you buy Invision Power Board, you'll get the source code. It doesn't have to be open source licensed.

On 6/14/2016 at 2:07 PM, Hemant Kumar said:

Being an offline software, your data is never stored on our servers and never leavs your system in unprotected way. You can verify this by using network sniffers on your device.

The fact that Enpass isn't submitting all my passwords to enpass.io right now doesn't mean anything. I'm currently using iptables to restrict Enpass from doing so, but I don't know yet how to archive the same thing on my unrooted Android :D

Edited by fnkr
  • Like 2
Link to comment
Share on other sites

  • 3 weeks later...

@fnkr I agree that it would be really cool if Enpass were completely open source (or at the very least, the code for the password generator). As someone who tries to do everything using FOSS I'm willing to use it because the core crypto part of it is open source/cryptographer-reviewed (SQLCipher), with some kind of awesome sauce on top to make it user-friendly/cross-platform (thanks to NW.js, I'm guessing?) I guess I also trust them also because their business model is pretty transparent, and the fact that they are ownCloud-friendly.

Have you tried looking at the Enpass app with Wireshark? ;)

Edited by 4oo4
Link to comment
Share on other sites

@4oo4 No, I haven't yet because:

On 7/12/2016 at 10:31 AM, fnkr said:

The fact that Enpass isn't submitting all my passwords to enpass.io right now doesn't mean anything.

And I don't worry about it because:

On 7/12/2016 at 10:31 AM, fnkr said:

I'm currently using iptables to restrict Enpass from doing so

 

Link to comment
Share on other sites

  • 2 weeks later...
On 7/12/2016 at 4:31 AM, fnkr said:

That you want to sell the software doesn't mean you cannot distribute the source code. Actually, the forum software you're using for this community does it like this. If you buy Invision Power Board, you'll get the source code. It doesn't have to be open source licensed.

The fact that Enpass isn't submitting all my passwords to enpass.io right now doesn't mean anything. I'm currently using iptables to restrict Enpass from doing so, but I don't know yet how to archive the same thing on my unrooted Android :D

Would a no-root firewall like NetGuard solve your problem on Android?

Link to comment
Share on other sites

On 8/12/2016 at 6:57 PM, lnh said:

Would a no-root firewall like NetGuard solve your problem on Android?

Basically yes, but I'm already using another app that provides a VPN service (Shadowsocks).

Quote

(2) Can I use another VPN application while using NetGuard

If the VPN application is using the VPN service, then no, because NetGuard needs to use this service. Android allows only one application at a time to use this service.

Source: https://github.com/M66B/NetGuard/blob/4ff9a2b/FAQ.md#FAQ2

 

On 8/12/2016 at 10:45 PM, anewuser said:

Do you mean you launch Enpass as another user and block all connections from that username with iptables?

Yes. The second user is necessary because iptables does not have the ability to filter packets by application. Another solution would be firejail with --net=none.

Link to comment
Share on other sites

On 14/08/2016 at 8:06 AM, fnkr said:

Yes. The second user is necessary because iptables does not have the ability to filter packets by application. Another solution would be firejail with --net=none.

I actually know about firejail, but launching Enpass (and other programs) with it on startup will not hide their windows automatically in the system tray.

Link to comment
Share on other sites

  • 4 months later...
Guest
This topic is now closed to further replies.
×
×
  • Create New...