HackerTrans
TopNewTrendsCommentsPastAskShowJobs

droidmonkey

no profile record

comments

droidmonkey
·8 miesięcy temu·discuss
Additionally, the original KeePass project has no public development or public review process for their code. They do everything behind the scenes and only publish code when a release is made. KeePass is "code available" open source.
droidmonkey
·8 miesięcy temu·discuss
Decades of programming and open source experience.
droidmonkey
·8 miesięcy temu·discuss
> From where does that confidence come?

From decades of experience, quite honestly.
droidmonkey
·8 miesięcy temu·discuss
We did not create this process for AI, it has been our process since 2016.
droidmonkey
·3 lata temu·discuss
A blog post has been put up to address this: https://keepassxc.org/blog/2023-06-20-cve-202335866/

Additionally, this is certainly not unique to KeePassXC. KeePass original and other clones we have tested do not require entering your credentials again prior to export or credential change.
droidmonkey
·3 lata temu·discuss
Hi there, lead developer of KeePassXC here (and writer of a lot of code). The TOTP and SSH Agent are generally not a security issue. TOTP has no external interfaces and SSH Agent only writes to the known interface standards of those programs. There is actually not much to those code areas.

Auto-Type is similarly rather simple at the interface level (except for X11 because its X11). We call native OS functions to emulate typing.

Similarly the internal reporting features are rather benign. HIBP checks requires explicit approval by the user before anything happens.

The browser code and FDO Secrets code definitely needs auditing. The browser extension is separate from the browser code within KeePassXC proper.

KeeShare is going to be entirely rewritten for our 2.8.0 release.