search

keepassxreboot / keepassxc

KeePassXC is a cross-platform community-driven port of the Windows application “Keepass Password Safe”.
https://keepassxc.org/
Other
21.39k stars 1.48k forks source link

Notify on unlock as safety measure #11398

Closed arichiardi closed 4 weeks ago

arichiardi commented 4 weeks ago

Summary

For identifying cases when a database is unlock without your consent it would be nice to have KeepassXC send notification message (for example via PUT/POST to ntfy).

Examples

New opt-in menu (like Browser Integration) that shows a selector with supported notification tools that we can integrate easily (ntfy is very easy, you just specify server and topic, for instance).

Context

This allows you act as fast as possible on your passwords if you recognize the db was compromised.

droidmonkey commented 4 weeks ago

No thank you, this violates our security guarantees of not sending data/information external to your computer. Also it doesn't matter, if you are being attacked in such a way they will just steal your database file and unlock it without this setting in place. Or they'll disable the setting.

arichiardi commented 3 weeks ago

Understand about the policy, which is fair.

It is not clear to me what "such a way" is here. The tone is a bit dismissive IMHO.

If we think it through a little, the check could have been done at every password attempt that failed.

I am unsure at this point if the keepassxc policy of not sending data should apply to safety measures. The app can already merge/save to external sources so I am unsure if that argument holds 🤷

droidmonkey commented 3 weeks ago

Fundamentally, there is no such thing as consent or ownership for keepass databases. If you know the credentials, then the database is "yours". This is mainly because of the offline nature of the format. If an attacker can unlock your database, then they can do it from any keepass compatible app. If this alerting feature is only implemented in KeePassXC then you'll never know it was unlocked anywhere else. Also any previous version of keepassxc would have no awareness of the alerting feature.

All this to say, it's just not worth the added risk of now calling out to a 3rd party service.

arichiardi commented 3 weeks ago

Now, this explanation makes a lot of sense. Thank you for taking the time for expanding on it. Did not consider the aspect of other keepass apps being able to open the db.