hidden keyfile input has gone - Githubissues

keepassxreboot / keepassxc

KeePassXC is a cross-platform community-driven port of the Windows application “Keepass Password Safe”.

https://keepassxc.org/

Other

20.93k stars 1.45k forks source link

hidden keyfile input has gone #10944

Closed bits-fritz closed 3 months ago

bits-fritz commented 3 months ago

Overview

Hidden input of keyfile path has gone with version 2.7.9 (at least could not find a preference option to get it back)

Steps to Reproduce

open keepassxc - open database
try to enter path for secret keyfile via keyboard (with hidden chars)
only link for file picker appears wich let everyone see the path you select (for example when sharing your desktop at beamer, video conference etc..
search preference for altering the behaviour fails

Expected Behavior

joice for either entering the path via keyboard or selecting via file picker should appear as did up to version 2.7.8

Actual Behavior

only file picker possible to enter secret keyfile

Context

This makes it impossible to keep the path of the secret keyfile secret in certain environments.

KeePassXC - Version 2.7.9 Revision: 8f6dd13

Qt 5.15.14 Diagnosemodus ist deaktiviert.

Betriebssystem: Arch Linux CPU-Architektur: x86_64 Kernel: linux 6.9.5-arch1-1

Aktivierte Erweiterungen:

Auto-Type
Browser-Integration
Passkeys
SSH-Agent
KeeShare
YubiKey
Secret-Service-Integration

Kryptographische Bibliotheken:

Botan 3.4.0

Operating System: Linux Desktop Env: XFCE Windowing System: X11

phoerious commented 3 months ago

The name and location of the key file isn't secret and the security of your database should not depend on it. But if you let KeePassXC remember the key file, it'll show up as **** next time if you have the option to mask the path enabled.