search

subdavis / Tusk

🐘 🔒 KeePass-compatible browser extension for filling passwords.
https://subdavis.com/Tusk
Other
482 stars 74 forks source link

Encrypt credentials for webdav with master password #193

Closed csdt closed 6 years ago

csdt commented 6 years ago

This issue is a

Please describe the current behavior, and explain why it's bad.

Currently, when using webdav database, the credentials are stored unencrypted. I think I don't have to explain why it's bad.

Please describe how you think it should change.

I was thinking it could be possible to encrypt the credentials using the master password. Like this, credentials are safe while being completely transparent for the user.

It is pointless to access the webdav filesystem if the database key is wrong. So no extra step for the user will ever be required.

Anything else?

It could also be used to get databases from a direct link protected with basic authentication.

If this is already under consideration, I would be sorry to pollute the issue threads.

subdavis commented 6 years ago

This would be a problem if you had more than 1 keepass database on your webdav server. Which master credentials do you encrypt your webdav password with?

It seems like a great idea, but in practice I can't think of a way to implement without being really sloppy.

ALSO: You don't need to worry about your webDAV username/password getting "hacked" if you follow https://github.com/subdavis/Tusk/wiki/WebDAV-Support#best-practices