- 08-18-14, 10:31 PM #29
You are spouting known news. The OP specifically mentioned requests for v1 support which is important for, but not limited to the following:
1. KeePass for BlackBerry is no longer being maintained. As such, the version available in App World does not function when installed in Work space.
2. As mentioned previously, *nix desktops which leverage the KeePass framework are most likely using KeePassX (vs KeePass PE + Mono). And if they are using KeePassX in a production environment, they are virtually guaranteed to be using v1 databases versus alpha support for v2. A similar situation exists with Mac OS X whereby the options are limited to KeePass PE + Mono (additional bloat), KyPass (payware) and KeePassX (alpha development status).
Last edited by adamlau; 08-19-14 at 12:16 AM.
- 08-19-14, 09:31 PM #31
- CrackBerry Abuser
08-19-14, 09:59 PM #32
- 167 Posts
- 0 Post(s)
- 0 Thread(s)
Version 2.1 with beta v1 (.kdb) read support now propagates through Blackberry World servers. In the meanwhile, I consider v2 (.kdbx) read support as tested and stable and thus removed the "beta" from the title.
Obviously, this and the following updates are free for the current users and early adopters.
For new customers, the price is $1 higher (the app is more functional, after all).
- 08-26-14, 02:09 PM #35
1. Enable Quick unlock > Enable Quick Unlock
2. Remove Enable Quick Unlock from the start screen and include it as an option which can only be set when a database has been successfully opened.
3. Quick Unlock does does appear to work with v1 databases.
4. Secure Mode where only a predefined database/key file can be opened and the user is immediately prompted to enter a password. This removes the visible path of the database and key file from the start screen. The less information that is available from the start screen, the better.
5. If write support is to be included, please provide a Read-Only option to prevent accidental overwrites.
6. After a database has been successfully decrypted, focus the cursor in the search field for immediate searching. Saves the user one click.
7. Key file > Key File, Lock database > Lock Database, etc.
- 08-26-14, 02:13 PM #36
Sorry. I'm a bit sensitive to demanding customers. I'm a developer (not for mobile), and it really rubs me the wrong way the way some people "request" features.
- 08-26-14, 02:24 PM #37
All good. These are constructive requests and not demands. The dev can pick and choose which requests can and should be roadmapped and which requests can be ignored. Perhaps it is the manner and style of writing which I employed that turned you off and that is understandable as the idea was not to mince words, but to convey ideas across clearly and concisely. I am a UNIX sysadmin who fields both demands and requests on a daily basis. Without such feedback, what I build and create would be far less effective than with them.
Thank you for the feedback, adamlau.
BlackBerry 10 UI guidelines, but only in those for PlayBook.
Enabling Quick Unlock weakens the security (an attempt of a 3-symbol guess is a nice gift to an attacker). Such an important decision can only be made by the database owner. When the database is open, we cannot be sure it is operated by the owner; the only proof of his/her identity is entering the correct master password... Hence the start screen.
Quick Unlock needs to know a part of the master password. However, I am not particularly keen to keep the latter in the memory. So, at the time when you first unlock the database KeePassB remembers a hash of the required few symbols of the master password. Then, when the app is quick-locked, this hash is compared with the hash of the quick password entered by the user. In case of mismatch, the database will be completely closed and the user will need to enter the full master password again.
Please check the "Learn more" link in the settings and PM/email me if Quick Unlock does not work as described there.
If your master password is strong and undisclosed, the knowledge of the DB+key file pair would not make an attack feasible anyway.
If, instead, your master password is known to the attacker and you have 1000 files in the phone, it would take the attacker only ~500k attempts to brute-force the correct files.
I think such a security-by-obscurity approach would be harmful as it would only give you a false sense of better protection.
- CrackBerry Genius of Geniuses
08-26-14, 05:56 PM #40
- 5,323 Posts
- 11 Post(s)
- 0 Thread(s)
Wonderful! I just found and have subscribed to this thread. I've used KeePass on PCs & laptops for years but there was never a good native BB10 version available.
I installed EnPass on my Q10 a few months ago but didn't like it as much, and I don't use it.
I will be trying your new app soon - thank you for your work!
Posted with my Q10, SQN100-2, 10.2.1.3253/3182 Radio
- 08-27-14, 03:50 AM #41
@zehkaiser: All good, bro. Hope the rest of your day went well .
@anmipo: I proceeded to RTFM. I understand how Quick Unlock now works. Thank you for highligting the Learn More link. Another caveat with Quick Unlock is that it appears to bypass the inactivity timer. The inclusion of an additional timer for Quick Unlock to prevent the database from being perpetually decrypted in memory (so long as the app remains open and the device is not restarted and remains powered) may help in this regard.
Regarding the suggested Secure Mode: Assuming the master password were known and 1000 files resided on the device, hidden paths could bide the time needed (particularly if the db encryption rounds were set high enough) for the user to remotely lock/wipe the device, or to change stored passwords (thus rendering the compromised data obsolete).
@adamlau, Quick Unlock does not currenly bypass the timer. When Quick Unlock is enabled it is applied instead of the full lock in most of the cases, including timeout. However, adding another timeout option for the full lock sounds like a good idea. I will see what can be done about it and your other suggestions.
@everyone, what was your initial expectation about how Quick Unlock should work?
A new version has been published today! It is a minor update with some bugfixes and small improvements.
The most visible change is the updated entry view, which has been rearranged to provide some space for the future "Edit" button
There is also an option to automatically activate search after unlocking the database (thanks to adamlau for the suggestion). The owners of hardware keyboards can also hit "S" to activate search.
There are also many small fixes and improvements, including consistent capitalization of texts (again thanks to adamlau), correct displaying of groups with special symbols in the title, and a few other less visible changes.
Indeed, the original KeePass application is licensed under the GPL, which both requires the developer to make its source code available and forces the same license for any derivative work.
In contrast, KeePassB 2 was planned as a commercial application, from its very start in April 2014. Therefore, I wrote it from the scratch and made sure it does not use any portion of KeePass/KeePassX code or resources.
This explains why KeePassB 2 icons are different from KeePass - the original Nuvola icon set is GPL-licensed.
This explains why there is only English version at the moment - I could not take the existing GPL-covered texts.
Finally, this also explains the slow development progress. For each database format, I first had to understand the processing workflow, then how to implement it in Cascades, then spend some time testing and debugging it. As you surely know, reusing an open source application would have been much easier and faster... I decided to go the exta miles to have full control of the development.
- 09-30-14, 04:08 AM #48
If that's the case, using the name KeePass it's totally misleading, because your app is just compatible with keepass formats.
You should call it in another way and then say that it's compatible with keepass database formats.
It's like if Microsoft decides to rename Windows as "Debian"
Not to mention that in KeePassB 1 you also blatantly violated GPL license by simply taking Brian Pellin work and reskinning it. Where's the openly available source here? If people ask for the source you send a super old version that's NOT what's on the store
- 09-30-14, 05:59 AM #49
EDIT: I should probably be a bit more clear about my response. I don't feel that taking something (code in this case) from someone else and using as your own is right. I also don't feel that not giving credit is right either.
But I also don't think that someone should be accused of something publicly when a simple PM or email would suffice.
There is no way for you (short of decompiling his bar) to know if he has used source code that is under GPL. And the name is not misleading at all. It is very obvious that this application is used to access KeePass databases. There is no guarantee of features, and he even states in the app description the limitations.
Posted via CB10
Last edited by zehkaiser; 09-30-14 at 06:30 AM.
renamed the app to KeePassB, and got Dominik's approval for this name.
If you are referring to the title/description of BB World listing rather than app name - I also agree. "KeePassB 2 - KeePass Built for BlackBerry" might be misleading. I will fix this to make sure it does not look as the official KeePass. Probably, it would be fair if you do the same with your port, KPD.
stated in GPL FAQ, "the right to sell copies is part of the definition of free software" and "we encourage people who redistribute free software to charge as much as they wish or can".
As a GPL-based application, KeePassB 1 bears the GPL notice in its About screen.
While this may look like an attempt to limit the freedom-as-in-speech, providing the source code on request is within the GPL requirements: "Technically, the most restrictive reading of GPLv2 requires a written offer (good for three years after you stop distributing binary versions of the code) to provide the corresponding source code upon request." (quote from How to comply with GPL version 2) The written offer is available on KeePassB 1 webpage. I will now add it to the BB World listing of KeePassB 1.
As for the spirit of the license, once there was a BB10-specific issue in KeePassDroid, which affected both KPD and KeePassB 1. I spent an evening to reproduce the bug, fixed it, and shared the solution with you and other developers. The GPL only requires to make the changes somehow available, not to proactively contact the other developers. There was no need to do that; moreover, the fix gave KeePassB 1 an advantage over KPD. Feel free to decide whether that was bragging or good will.
Just to be clear: the above GPL discussion is related only to KeePassB 1, not the native KeePassB 2.
Indeed, it is hard to prove whether KeePassB 2 contains GPL code. However, it is virtually impossible to disprove this without releasing the full source code (which would defy the very idea of keeping it closed).
- By TheQuietRioter in forum General BlackBerry DiscussionReplies: 4Last Post: 08-12-14, 09:30 PM
- By CrackBerry Question in forum Ask a QuestionReplies: 1Last Post: 08-07-14, 10:46 AM
- By Bucks Cr3ation in forum General BlackBerry DiscussionReplies: 2Last Post: 08-06-14, 10:42 PM
- By Q10Nutter in forum General BlackBerry DiscussionReplies: 15Last Post: 08-06-14, 04:28 PM
- By CrackBerry Question in forum Ask a QuestionReplies: 1Last Post: 08-05-14, 09:05 AM