Closed boris-bc closed 1 year ago
marius-wieschollek
commented
1 year ago After some time of no contact with the server, the session is ended and the extension needs to restart the authentication process. The extension has no secure way of storing the encryption passphrase and therefore asks for it every time.
Duplicate of #174
boris-bc
commented
1 year ago So this extension is not suitable for laptops that get moved around and lose connection or get into sleep or shutdown.
On Tue 21. 3. 2023 at 12:35 M. Wieschollek @.***> wrote:
After some time of no contact with the server, the session is ended and the extension needs to restart the authentication process. The extension has no secure way of storing the encryption passphrase and therefore asks for it every time.
Duplicate of #174 https://github.com/marius-wieschollek/passwords-webextension/issues/174
— Reply to this email directly, view it on GitHub https://github.com/marius-wieschollek/passwords-webextension/issues/257#issuecomment-1477681708, or unsubscribe https://github.com/notifications/unsubscribe-auth/APBD26EMTBQ35HQZHULVILLW5GG7VANCNFSM6AAAAAAWCCY4OY . You are receiving this because you authored the thread.Message ID: @.*** com>
-- This electronic communication and the information and any files transmitted with it, or attached to it, are confidential and are intended solely for the use of the individual or entity to whom it is addressed and may contain information that is confidential, legally privileged, protected by privacy laws, or otherwise restricted from disclosure to anyone else. If you are not the intended recipient or the person responsible for delivering the e-mail to the intended recipient, you are hereby notified that any use, copying, distributing, dissemination, forwarding, printing, or copying of this e-mail is strictly prohibited. If you received this e-mail in error, please return the e-mail to the sender, delete it from your computer, and destroy any printed copy of it.
boris-bc
commented
1 year ago How does it work on the phone app? The pass phrase gets stirred there somehow.
On Tue 21. 3. 2023 at 12:35 M. Wieschollek @.***> wrote:
After some time of no contact with the server, the session is ended and the extension needs to restart the authentication process. The extension has no secure way of storing the encryption passphrase and therefore asks for it every time.
Duplicate of #174 https://github.com/marius-wieschollek/passwords-webextension/issues/174
— Reply to this email directly, view it on GitHub https://github.com/marius-wieschollek/passwords-webextension/issues/257#issuecomment-1477681708, or unsubscribe https://github.com/notifications/unsubscribe-auth/APBD26EMTBQ35HQZHULVILLW5GG7VANCNFSM6AAAAAAWCCY4OY . You are receiving this because you authored the thread.Message ID: @.*** com>
-- This electronic communication and the information and any files transmitted with it, or attached to it, are confidential and are intended solely for the use of the individual or entity to whom it is addressed and may contain information that is confidential, legally privileged, protected by privacy laws, or otherwise restricted from disclosure to anyone else. If you are not the intended recipient or the person responsible for delivering the e-mail to the intended recipient, you are hereby notified that any use, copying, distributing, dissemination, forwarding, printing, or copying of this e-mail is strictly prohibited. If you received this e-mail in error, please return the e-mail to the sender, delete it from your computer, and destroy any printed copy of it.
marius-wieschollek
commented
1 year ago If you mean the android app from joleaf, it uses Androids KeyStore functionality to store the passphrase in a secure way.
boris-bc
commented
1 year ago Yes, though I meant the iOS app. Can’t the extension use the OS KeyStore?
On Tue 21. 3. 2023 at 13:03 M. Wieschollek @.***> wrote:
If you mean the android app from joleaf, it uses Androids KeyStore functionality to store the passphrase in a secure way.
— Reply to this email directly, view it on GitHub https://github.com/marius-wieschollek/passwords-webextension/issues/257#issuecomment-1477718084, or unsubscribe https://github.com/notifications/unsubscribe-auth/APBD26HWRSXMPXVUCXW3UUDW5GKHZANCNFSM6AAAAAAWCCY4OY . You are receiving this because you authored the thread.Message ID: @.*** com>
-- This electronic communication and the information and any files transmitted with it, or attached to it, are confidential and are intended solely for the use of the individual or entity to whom it is addressed and may contain information that is confidential, legally privileged, protected by privacy laws, or otherwise restricted from disclosure to anyone else. If you are not the intended recipient or the person responsible for delivering the e-mail to the intended recipient, you are hereby notified that any use, copying, distributing, dissemination, forwarding, printing, or copying of this e-mail is strictly prohibited. If you received this e-mail in error, please return the e-mail to the sender, delete it from your computer, and destroy any printed copy of it.
marius-wieschollek
commented
1 year ago I haven't checked the code of the iOS app, but it likely works in a similar manner. The webextension can only use the APi provided by the browser which currently does not provide a secure way to store the data.
System Information
Steps to reproduce
Expected result
The extension should remember the passphrase and not ask to enter it again.
Actual result
The extension keeps asking for the pasphrase.
Browser log
Browser log
background.js:2 Could not establish connection. Receiving end does not exist. Error: Could not establish connection. Receiving end does not exist. at I (background.js:2:748828) Object Error: Could not establish connection. Receiving end does not exist. at I (chrome-extension://mhajlicjhgoofheldnmollgbgjheenbi/js/background.js:2:748828) _addError @ background.js:2 background.js:2 Could not establish connection. Receiving end does not exist. Error: Could not establish connection. Receiving end does not exist. at I (background.js:2:748828) Object Error: Could not establish connection. Receiving end does not exist. at I (chrome-extension://mhajlicjhgoofheldnmollgbgjheenbi/js/background.js:2:748828) _addError @ background.js:2 background.js:2 Could not establish connection. Receiving end does not exist. Error: Could not establish connection. Receiving end does not exist. at I (background.js:2:748828) Object Error: Could not establish connection. Receiving end does not exist. at I (chrome-extension://mhajlicjhgoofheldnmollgbgjheenbi/js/background.js:2:748828) _addError @ background.js:2 background.js:2 Uncaught (in promise) Error: Could not establish connection. Receiving end does not exist. at I (background.js:2:748828) background.js:2 Could not establish connection. Receiving end does not exist. Error: Could not establish connection. Receiving end does not exist. at I (background.js:2:748828) Object Error: Could not establish connection. Receiving end does not exist. at I (chrome-extension://mhajlicjhgoofheldnmollgbgjheenbi/js/background.js:2:748828) _addError @ background.js:2 background.js:2 Uncaught (in promise) Error: Could not establish connection. Receiving end does not exist. at I (background.js:2:748828) background.js:2 Could not establish connection. Receiving end does not exist. Error: Could not establish connection. Receiving end does not exist. at I (background.js:2:748828) Object Error: Could not establish connection. Receiving end does not exist. at I (chrome-extension://mhajlicjhgoofheldnmollgbgjheenbi/js/background.js:2:748828) _addError @ background.js:2 background.js:2 Uncaught (in promise) Error: Could not establish connection. Receiving end does not exist. at I (background.js:2:748828) background.js:2 A listener indicated an asynchronous response by returning true, but the message channel closed before a response was received Error: A listener indicated an asynchronous response by returning true, but the message channel closed before a response was received at I (background.js:2:748828) Object Error: A listener indicated an asynchronous response by returning true, but the message channel closed before a response was received at I (chrome-extension://mhajlicjhgoofheldnmollgbgjheenbi/js/background.js:2:748828) _addError @ background.js:2 background.js:2 A listener indicated an asynchronous response by returning true, but the message channel closed before a response was received Error: A listener indicated an asynchronous response by returning true, but the message channel closed before a response was received at I (background.js:2:748828) Object Error: A listener indicated an asynchronous response by returning true, but the message channel closed before a response was received at I (chrome-extension://mhajlicjhgoofheldnmollgbgjheenbi/js/background.js:2:748828) _addError @ background.js:2 background.js:2 A listener indicated an asynchronous response by returning true, but the message channel closed before a response was received Error: A listener indicated an asynchronous response by returning true, but the message channel closed before a response was received at I (background.js:2:748828) Object Error: A listener indicated an asynchronous response by returning true, but the message channel closed before a response was received at I (chrome-extension://mhajlicjhgoofheldnmollgbgjheenbi/js/background.js:2:748828) _addError @ background.js:2 background.js:2 A listener indicated an asynchronous response by returning true, but the message channel closed before a response was received Error: A listener indicated an asynchronous response by returning true, but the message channel closed before a response was received at I (background.js:2:748828) Object Error: A listener indicated an asynchronous response by returning true, but the message channel closed before a response was received at I (chrome-extension://mhajlicjhgoofheldnmollgbgjheenbi/js/background.js:2:748828) _addError @ background.js:2 nextcloud/index.php/apps/passwords/api/1.0/session/keepalive:1 Failed to load resource: net::ERR_INTERNET_DISCONNECTED background.js:2 Failed to fetch TypeError: Failed to fetch at O._executeRequest (background.js:2:572614) at O.send (background.js:2:570831) at Object._keepalive (background.js:2:774829) at background.js:2:773491 Object TypeError: Failed to fetch at O._executeRequest (chrome-extension://mhajlicjhgoofheldnmollgbgjheenbi/js/background.js:2:572614) at O.send (chrome-extension://mhajlicjhgoofheldnmollgbgjheenbi/js/background.js:2:570831) at Object._keepalive (chrome-extension://mhajlicjhgoofheldnmollgbgjheenbi/js/background.js:2:774829) at chrome-extension://mhajlicjhgoofheldnmollgbgjheenbi/js/background.js:2:773491 _addError @ background.js:2 nextcloud/index.php/apps/passwords/api/1.0/password/delete:1 Failed to load resource: the server responded with a status of 412 (Precondition failed) background.js:2 PreconditionFailedError: HTTP 412 - Precondition failed at g.getClass (background.js:2:556722) at f.getClass (background.js:2:616251) at O._getHttpError (background.js:2:573303) at O._processJsonResponse (background.js:2:572728) at O.send (background.js:2:571261) at async n.delete (background.js:2:558213) at async i.execute (PasswordDelete.js:1:572) at async Object._executeController (background.js:2:864525) at async Array.