Open rugk opened 4 years ago
Hello, just to let you know that KeePassXC was finally audited after 6 years of existence: https://keepassxc.org/blog/2023-04-15-audit-report/ If there is a way for KeePassDX to be audited too, that would be great!
The code is open and accessible. If a security expert wants to do an audit, he is of course welcome. :)
From the KPXC audit report PDF [Memory Protection and Deallocation, page 25]:
KeePassDX password manager decides not to protect even passwords by default, strangely, it is an option with KDBX4 format.
Any specific reason for this? If discussed before please post the issue link. Thanks.
Link to the KeePassXC audit: https://keepassxc.org/assets/pdf/KeePassXC-Review-V1-Molotnikov.pdf
No specific reason, the configuration remained the same as KeePassDroid even after refactoring the code, in order to keep the same behavior and not have any side effects. Because of the nature of the memory partitioning per application on Android and the JVM, there is in my opinion little risk at this level, but I will change this default configuration and check that it does not have any harmful behavior (especially on the search, so at first apply the configuration only to the password).
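The setting discussed above lives in the KDBX inner XML as the Meta/MemoryProtection flags, and each protected field value carries Protected="True". The following is an added example (not KeePassDX or KeePassXC code) that reads those flags from a constructed sample document and lists entries whose Password value is not marked protected, which is the check a reviewer would run against an exported database to see what the default actually produced.

```python
# Added example, not project code: inspect KDBX inner-XML memory protection.
# SAMPLE_KDBX_XML is a constructed, minimal document using the element names
# of the KDBX XML payload (Meta/MemoryProtection, Root/Group/Entry/String).
import xml.etree.ElementTree as ET

SAMPLE_KDBX_XML = """<KeePassFile>
  <Meta>
    <MemoryProtection>
      <ProtectTitle>False</ProtectTitle>
      <ProtectUserName>False</ProtectUserName>
      <ProtectPassword>False</ProtectPassword>
      <ProtectURL>False</ProtectURL>
      <ProtectNotes>False</ProtectNotes>
    </MemoryProtection>
  </Meta>
  <Root>
    <Group>
      <Name>Example</Name>
      <Entry>
        <String><Key>Title</Key><Value>Mail</Value></String>
        <String><Key>Password</Key><Value>hunter2</Value></String>
      </Entry>
      <Entry>
        <String><Key>Title</Key><Value>Bank</Value></String>
        <String><Key>Password</Key><Value Protected="True">Zm9v</Value></String>
      </Entry>
    </Group>
  </Root>
</KeePassFile>
"""


def memory_protection_flags(xml_text):
    """Return {flag_name: bool} parsed from <Meta><MemoryProtection>."""
    root = ET.fromstring(xml_text)
    mp = root.find("./Meta/MemoryProtection")
    return {child.tag: (child.text or "").strip().lower() == "true" for child in mp}


def unprotected_password_entries(xml_text):
    """Titles of entries (history included) whose Password value is not Protected."""
    root = ET.fromstring(xml_text)
    titles = []
    for entry in root.iter("Entry"):
        fields = {s.findtext("Key"): s.find("Value") for s in entry.findall("String")}
        pw = fields.get("Password")
        if pw is not None and pw.get("Protected", "False").lower() != "true":
            titles.append(fields["Title"].text)
    return titles
```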
It would be good if this software could be professionally audited once, at least… (with all the growing complexity and features to be implemented)
I know that's hard and likely too much to crowdfund. A support program like EU Horizon or so may be more realistic or something similar… :thinking: