April 21, 2023

I've just learned that PBKDF2 encryption is outdated and vulnerable, and Argon2 or bcrypt are now the preferred password hashing implementation in modern password managers. When is Enpass going to upgrade or at least provide the option of using a secure password hasher?

Raising the bar on security
April 24, 2023

Hi @GeoCrackr,

Thank you for sharing your valuable suggestion. You will be pleased to know that Enpass developers are aware of this feature request, and they are already working on implementing it. Moreover, I have also shared your comments as feedback with them. I will be unable to share any ETA for the same, but I will be sure to update this forum once it is released. Your support and patience in the meantime are greatly appreciated.

#SI-3240
January 18

@Abhishek Dewan Thanks for the earlier answer. Since that post is now a few years old, could you share whether there is any current status update on adding a memory-hard KDF (e.g., Argon2id) as an alternative to PBKDF2 for vault key derivation? The current version of the Enpass Security Whitepaper states that Enpass is currently using 320,000 rounds of PBKDF2-HMAC-SHA512. I understand you may not be able to provide an ETA, but it would be very helpful to know whether this is: still actively being worked on, still planned but not currently prioritized, or no longer planned (and if so, what the rationale is). Even a high-level update would be appreciated. Thank you.
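The difference the thread is asking about, as an added example that is not part of any post above and is not Enpass code: it derives a key with the PBKDF2-HMAC-SHA512 round count quoted from the whitepaper and with a memory-hard KDF, and reports the memory each guess must allocate. Argon2id is not in the Python standard library, so scrypt stands in as the memory-hard function; the scrypt parameters, the 32-byte key length, and the sample password and salt are assumptions.

```python
import hashlib
import time

# From the thread: the whitepaper figure quoted in the last post.
PBKDF2_ROUNDS = 320_000
PBKDF2_DIGEST = "sha512"

# Assumptions for illustration only (not Enpass settings).
KEY_LEN = 32                      # 256-bit derived key
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1


def derive_pbkdf2(password: str, salt: bytes) -> bytes:
    """PBKDF2-HMAC-SHA512: cost is CPU time only; each guess needs just hash state."""
    return hashlib.pbkdf2_hmac(PBKDF2_DIGEST, password.encode(), salt,
                               PBKDF2_ROUNDS, dklen=KEY_LEN)


def derive_scrypt(password: str, salt: bytes) -> bytes:
    """scrypt: every guess must also fill and re-read a large memory buffer."""
    return hashlib.scrypt(password.encode(), salt=salt, n=SCRYPT_N, r=SCRYPT_R,
                          p=SCRYPT_P, maxmem=64 * 1024 * 1024, dklen=KEY_LEN)


def scrypt_memory_bytes(n: int = SCRYPT_N, r: int = SCRYPT_R) -> int:
    """Size of scrypt's main buffer: N blocks of 128*r bytes."""
    return 128 * r * n


def timed(fn, password: str, salt: bytes):
    """Run one derivation and return (key, seconds taken)."""
    start = time.perf_counter()
    key = fn(password, salt)
    return key, time.perf_counter() - start


if __name__ == "__main__":
    salt = bytes(range(16))                 # constructed sample salt
    password = "correct horse battery"      # constructed sample password
    for name, fn in (("PBKDF2", derive_pbkdf2), ("scrypt", derive_scrypt)):
        key, secs = timed(fn, password, salt)
        print(f"{name}: {key.hex()[:16]}... in {secs:.3f}s")
    print(f"scrypt memory per guess: {scrypt_memory_bytes() // 2**20} MiB")
```

Both functions can be tuned to take similar wall-clock time on one machine; the memory figure is what limits how many guesses can run in parallel on the same hardware.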