keepassxreboot / keepassxc

KeePassXC is a cross-platform community-driven port of the Windows application “Keepass Password Safe”.
https://keepassxc.org/

Make {PICKCHARS} possible [$50] #725

Closed marekjedrzejewski closed 3 years ago

marekjedrzejewski commented 7 years ago

Original KeePass has {PICKCHARS} placeholders for entering a partial password; it would be nice if it were implemented.

Expected Behavior

When an entry has a {PICKCHARS} placeholder, a window is opened that lets the user choose which characters of the password should be entered. It looks like this in KeePass: Pickchars window

I'd gladly try to implement it myself if someone points me in the right direction :)

jacek-dargiel commented 3 years ago

@droidmonkey Can you please update the bounty in the title?

droidmonkey commented 3 years ago

Bounty link: https://www.bountysource.com/issues/46769651-make-pickchars-possible

wolframroesler commented 3 years ago

Is anyone working on this already? I'd really like to get this done because it's been around for so long, and many people really seem to need it. Could be next version's killer feature for countries where this kind of authentication is common. Don't have much time at the moment, unfortunately.

droidmonkey commented 3 years ago

I might beat yah to it, I'm upgrading many Auto-Type features today

wheybags commented 3 years ago

I actually started working on this independently, just saw this issue now. I'll try to clean up what I've got and submit a PR, unless @droidmonkey says he has it done?

droidmonkey commented 3 years ago

I haven't done it, but there are major autotype changes in my branch

wheybags commented 3 years ago

There is no auto type functionality in my implementation.

wheybags commented 3 years ago

(Yet) :p

Wolvverine commented 3 years ago

How do I use this? What is the status?

droidmonkey commented 3 years ago

It's done, going to be merged into 2.7.0

droidmonkey commented 3 years ago

They likely only have a few permutations of choices and just precompute the hash for each permutation from your original password when you set/reset it. They definitely aren't being fancy!

phoerious commented 3 years ago

Salted one-character passwords sound like a pretty dumb idea, because the salt is in plaintext. Should be easily crackable in milliseconds if you know the scheme. Go try it, here's a pair of sha256 hash and salt:

('d50ea1c16e2a426ca2e6f6a0492e0e39fa99422ff41c522ec85f3156768d4b74', '9kZB&%hG')

And since the bank also needs to keep track of which hash is which character in which position, they would have to save all 6 as a list in the correct order, so it's basically just obfuscated plaintext.

kevin201 commented 1 year ago

PICKCHARS syntax is still apparently not aligned with KeePass. It produces an error:

https://i.imgur.com/RXWxU9R.png https://imgur.com/LjcrUbR

droidmonkey commented 1 year ago

We chose not to follow that syntax. You can opt to use another attribute by name (case matters), but not the character positioning portion. Example: {PICKCHARS:Username}
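An illustrative resolver for the placeholder grammar described in this thread (added example, not KeePassXC's own code): `{PICKCHARS}` reads the entry's Password, `{PICKCHARS:<Attribute>}` reads another attribute by exact, case-sensitive name, and the KeePass-style positioning suffix is rejected with an error. The attribute names, the entry dictionary and the sample values are constructed for the demo; the set of positions chosen in the picker window is passed in as a list.

```python
import re
from typing import Dict, Iterable

# Matches "{PICKCHARS}" or "{PICKCHARS:<anything without braces>}".
PLACEHOLDER = re.compile(r"\{PICKCHARS(?::([^{}]*))?\}")


class PickCharsError(ValueError):
    """Raised for unsupported placeholder syntax, unknown attributes or bad positions."""


def pick_chars(value: str, positions: Iterable[int]) -> str:
    """Return the characters of `value` at the 1-based `positions`, in the order given.

    This is what the picker window would produce once the user has clicked the
    requested positions (e.g. "characters 2, 5 and 9 of your password")."""
    out = []
    for pos in positions:
        if not 1 <= pos <= len(value):
            raise PickCharsError(f"position {pos} out of range 1..{len(value)}")
        out.append(value[pos - 1])
    return "".join(out)


def resolve(template: str, entry: Dict[str, str], positions: Iterable[int]) -> str:
    """Expand every {PICKCHARS...} occurrence in `template` against `entry`.

    The same `positions` are applied to each occurrence (a simplification for
    the demo). Attribute lookup is case-sensitive, as the maintainer notes."""
    chosen = list(positions)

    def expand(m: re.Match) -> str:
        arg = m.group(1)
        if arg is None:
            attribute = "Password"            # bare {PICKCHARS} means the password
        elif ":" in arg:
            # KeePass's "{PICKCHARS:Password:C=3}"-style positioning is not supported.
            raise PickCharsError(f"positioning syntax not supported: {m.group(0)}")
        else:
            attribute = arg
        if attribute not in entry:
            raise PickCharsError(f"unknown attribute {attribute!r} (names are case-sensitive)")
        return pick_chars(entry[attribute], chosen)

    return PLACEHOLDER.sub(expand, template)


# Constructed sample entry for the demo; not real credentials.
SAMPLE_ENTRY = {"Username": "alice", "Password": "correct horse battery"}

if __name__ == "__main__":
    print(resolve("{PICKCHARS}", SAMPLE_ENTRY, [1, 3, 5]))             # cre
    print(resolve("user={PICKCHARS:Username}", SAMPLE_ENTRY, [1, 5]))  # user=ae
```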