spinedoc777 Posted December 26, 2022 Report Share Posted December 26, 2022 (edited) I've been a happy user of Enpass for years now, but this lastpass debacle has me concerned. My main concern is how Enpass handles the type of user information which lastpass apparently did not encrypt, info like website URLs and other metadata, although I'm not clear if that metadata was part of their vault or just information lastpass had in dealing with customers. I'd like to learn more about how Enpass hands off the password vault to a cloud provider and any inherent risks with that. This would seem like a very valuable discussion with your customers to feel at ease using Enpass going forward. Edit: So from what I've been reading, it looks like part of the UNENCRYPTED data compromised was the URL site of each password entry (and possibly other site entry information)! So i definitely have this question for Enpass, how is this information handled, is it also encrypted along with passwords and not stored anywhere else but inside the password vault? Edited December 26, 2022 by spinedoc777 Link to comment Share on other sites More sharing options...
Discordant Posted December 27, 2022 Report Share Posted December 27, 2022 Your answer is on the security page of Enpass’ website (in the FAQ): https://www.enpass.io/security/ Your cloud always contains a copy of same encrypted data as on your device. We download the whole encrypted copy and decrypt it locally on your device for real sync operation to merge changes. Afterwards we upload the encrypted data on cloud. In a nutshell, your cloud is only a storage medium and no security related operation ( encryption or decryption ) is actually performed there. All such operations are performed locally on your device. 1 Link to comment Share on other sites More sharing options...
Mohit Thapa Posted December 29, 2022 Report Share Posted December 29, 2022 @spinedoc777 @Discordant Thank you for taking the time to write this post and for being part of the Enpass Password manager family. Furthermore, an Enpass vault is a SQLCipher database, which is a 100% encrypted blob. It includes all sensitive information and the metadata. Please refer this link for more information. 1 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now