Comments (2)
subdavis
commented on May 15, 2024
For anyone reading this in the future, Tusk does not use disk storage to cache credentials anymore. This security hole has been patched.
from tusk.
johnfernow
commented on May 15, 2024
A couple thoughts
- Is "keep unlocked" very insecure if you have full-disk encryption? If the computer is shut down while the database is kept unlocked, it still wouldn't be able to be accessed without the boot/user password, right?
- Wouldn't a PIN practically suffer from the same vulnerabilities as the original "keep unlocked" function if the user's computer doesn't have full-disk encryption? Even a shorter, alternative password of 8 random characters can now be cracked relatively quickly. I know Keepass2Android gives you one shot to enter the last 3 characters, but if your drive is unencrypted, it can be cloned and attempted indefinitely.
Perhaps, we could add back the ability to remember the database password indefinitely, but display a huge warning to the user that they should only do so if their computer has full-disk encryption, and if it is not, their password can be stolen trivially easily if someone has physical access to their device. We could add links for users on how to check to see if their device is full-disk encrypted on various platforms (and instructions on how to do so). Obviously your call though, just wanted to give my opinion.
from tusk.
Related Issues (20)
- Unable to login to onedrive - account don't exist HOT 2
- First argument to DataView constructor must be an ArrayBuffer HOT 1
- Shared Link Not Working HOT 3
- User Name and Password Fields not found. HOT 1
- Password Quality Estimation HOT 1
- The old password remained in tusk HOT 2
- You have previously granted Tusk permission to fill passwords HOT 2
- Kiwi Web Browser
- Autofill/Autotype Behaviour Improvements HOT 1
- Unable to save shared link database HOT 2
- Keepass Tusk don't remember masterpassword
- "e is not an object" error on master password entry HOT 1
- Scan button doesn't react for WebDav HOT 2
- Adding Seafile as a cloud storage option
- Did somebody take over further development? HOT 2
- Add OneDrive for Business as Cloud Storage Provider HOT 1
- Tusk won't launch HOT 1
- Problem using keyfile 4 kdbx HOT 1
- Google drive error HOT 1
- Error: Authorization page could not be loaded on Dropbox
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from tusk.