KN4CK3R
commented
6 years ago Don't know if this can be "fixed" because of the way how KeePass works. It's technicaly the same problem as in #18 or #13.
Closed Mortimersnodgrass closed 6 years ago
KN4CK3R
commented
6 years ago Don't know if this can be "fixed" because of the way how KeePass works. It's technicaly the same problem as in #18 or #13.
wellread1
commented
6 years ago If you are unable to address the issue directly, perhaps you can disable the "Print Emergency Sheet..." menu item when the MasterKey is the QuickLock plugin. At other times KeePass will print the "correct" Emergency Sheet.
KN4CK3R
commented
6 years ago The emergency sheet is offered after you create a new database. At this moment you can print it without problems. If you want to print it afterwards just don't unlock the database with the plugin. To prevent printing is just overkill. The whole emergency sheet is a bad idea. It's usefull for "normal" people who want to use a password manager but don't really care. You should never write a password for whatever on a sheet of paper and store it somewhere "safe".
wellread1
commented
6 years ago It seems to me that it is the responsibility of the plugin developer to mitigate any undesirable side effects that a plugin creates.
KN4CK3R
commented
6 years ago True, but technicaly this is the desired result. ;) See EmergencySheet.cs @ line 343. If a custom key is used, just the name is printed. That may not be a usefull info in that moment but since there is nothing I could do to prevent it, I'm fine with the current result.
wellread1
commented
6 years ago I believe that the "desired result" is to print an Emergency Sheet that can be used to open a closed database. The composition of a Master Key exclusively managed by KeePass does not change when a database is locked. Therefore an Emergency Sheet that prints the the Master Key composition at the time the report is generated achieves the desired result. However, QuickLock key provider creates a special case of a Master Key composition that changes when the database is first locked. This causes KeePass to print an Emergency Sheet that is useless for opening a closed database.
The question is how should a plugin created special case be handled?
Perhaps the KeePass developer could provide some suggestions or make modifications to KeePass that would facilitate a fix or mitigation. I think that is a matter best handled between you and the KeePass developer. It may be that this problem is intractable, or it is too much work to fix or mitigate, but if it can be fixed or mitigated I think it should be.
When QuickUnlock is used to open a database, the Emergency Report in the newest Keepass release puts a key provider QuickUnlock in the Password field rather than a pen and hand indicating they should write in the password. This won't work.