I would hope so but I only made it a point to really look into how Bitwarden did it.
I thought all password managers work like that? Or do the others have the keys to unlock your vaults?
I have to agree Bitwarden must be safest of all since it's open source, meaning a lot of people review the code already and a red flag is faster to raise.
Oh absolutely. The community and developer engagement on the project was one of the selling points for me.
I'd say that Bitwarden, Enpass, and Codebook are the safest, due to them all using SQLCipher, which is FOSS as well, and peer reviewed on top of that.
BL.
There are layers to these software projects. My understanding is that Codebook uses SQLCipher and SQLCipher uses OpenSSL. The SQLCipher website asserts that OpenSSL is peer reviewed. Is that what you mean by peer reviewed?
Many projects use OpenSSL. The famous Heartbleed Bug was in that library. Based on your post, I was curious whether 1Password used OpenSSL as well, so I did a search. I found a surprising post on 1Password forums in August of this year https://1password.community/discussion/comment/607995#Comment_607995
The part of the post related to OpenSSL was about them moving away from it. "Rework of the encryption to avoid using older OpenSSL libraries." and "Encryption uses the well-regarded open-source Ring library." I don't know anything about Ring.
I don't know what to make of the advertisement that OpenSSL is peer reviewed. I think I understand what "peer reviewed" means with regard to journal submissions; an article could be rejected if it doesn't pass peer review. But in the case of a software project, peer reviews could just expose weaknesses that don't get addressed. Not all reviews are glowing. Perhaps some of those reviews motivated 1Password to move away from OpenSSL.
Any ideas?
SQLCipher was originally developed and is currently maintained by Zetetic LLC. The public release of SQLCipher was released in November, 2008. At first, SQLCipher was solely used as the security backend for our password manager and data vault, Codebook. However, with its small footprint and excellent performance, it quickly became a popular security tool, especially for mobile developers. SQLCipher is ideal for protecting application data of all kinds. SQLCipher uses peer-reviewed cryptographic providers and algorithms to ensure that all data in encrypted databases is secured. Simple configuration and good default security practices reduce the burden on developers implementing security solutions. Likewise, broad platform support across iOS, Android, Windows, macOS, and Linux environments, with cross-platform database compatibility, ensures that SQLCipher will work anywhere it's needed. For these reasons, SQLCipher is now one of the most widely used secure database solutions available, protecting data for thousands of applications on hundreds of millions of devices.
Something like that is the prevailing wisdom. But, just being open source doesn't imply that a lot of people are looking at the code. It also doesn't imply that serious security experts are reviewing things with any regularity, since they probably have day jobs.
The actual wisdom is that an open source project that has a lot of competent people working on it or reviewing it is safer than a closed source one. Bitwarden is a pretty high profile project, so we might be good. They have 13 GitHub repositories and pull requests for each. Casually looking around, I don't see any activity addressing security flaws, but tons and tons of activity on much more trivial stuff. But still, lots of activity means lots of eyes on the code.
As an aside, I notice that the most recent pull request for the desktop client was to upgrade to a later Electron release. I guess that could be viewed as security related; it might make things worse or better from a security point of view.
People on this thread have raised a concern about the security of Electron. So, Bitwarden desktop inherits their concern.
Do I need to install Rosetta to run 1Password 6 on Apple's silicon/Monterey?
To a degree.
Since 1Password 6.x is an Intel binary, you'll see that it is running under Rosetta 2. 1Password 6 - as well as all Intel binaries - will run on any M1 Mac until Apple completely removes Rosetta from MacOS. When they do - which will mean all Intel support would be dropped from MacOS - 1Password 6 and any other Intel binary will effectively stop working. So to speak, you're on borrowed time. I'm in the same boat with 1Password 6, which is why I've started the migration off of it.
BL.
Was this before or after whining about it on the forum? Will you be creating a better alternative to 1Password then?
Really?
1-Linus Torvalds created a whole operating system because he didn't like the closed source Unix and didn't want to pay.
2-Netflix was created because the founder was charged $40 in late fees by Blockbuster
3-LibreOffice created because they don't want to use Microsoft Office because it's closed source
4-GNU was created because Stallman refused to use closed source software
5-Brave created because Chrome is too intrusive
6-ProtonMail created because people don't want free email from Google and Yahoo because it spies on them
7-teddit and libreddit created because they don't like Reddit policies and advertisement
8-Mastodon created because they don't like the centralized control of Twitter.
Shall I continue? Looks like we need a lot of shrinks already.
If Rosetta 2 is installed, does it run on background all the time? I'm asking because I have a new MBP with Monterey on it and don't want to "contaminate" it with outdated and unnecessary software.
No. When you run any Intel binary on Monterey for the first time, Monterey will prompt you to install Rosetta 2. It is available already on OS (read: not requiring a separate download), but not installed and running by default. That way if you don't need to run any Intel binaries, you don't have to have it installed.
BL.
In terms of security, how does Apple's keychain compare to 1Password and Bitwarden?
I do not have to create an alternative since others already solved the problem to an extent like Enpass that enable a license option, or Codebook that does not even have subscription option.
I installed 1Password 7, it runs with my 1Password 6 license, but it doesn't let me edit anything, the Edit function is disabled.
To my knowledge, it does not run in the background all the time. It should only run for the duration of the Intel binary that is being run. I say "to my knowledge", as that is how I perceive it to be; I do not have a Silicon Mac yet.
Yes, that is what I'm saying. But when I open 1Password 7, it opens a popup advertising their subscription model, and I cannot edit anything. But all of my logins are there and I can use the app. I can edit on my iPhone and it updates it on the Mac.
Whoa. Are you saying that you are able to apply your 1Password 6 license to 1Password 7? As in, you did not need a separate license for 1Password 7? According to AgileBits, 1Password 7 shouldn't take a license from 1Password 6:
How do I use my 1password 6 one time license for 1password 7. I got Parse error for the license.
I installed 1password 7 from the website. I opened my vault Selected license Clicked Add licence.
1password.community
BL.
I spotted that today. That's annoying if it turns out to be accurate.
Just saw this, might have a look before you update to 1Password v8.5 and want to import your data to Bitwarden before it's too late. I'm already using Bitwarden for 7 months no looking back, happy to throw money at them!
New version of 1Password means no way to import 1Password data into Bitwarden
If the edit function is disabled, make sure the software doesn’t think you have a sub. 1Password 7 runs on the M1 without Rosetta.
If that ends up being true, 1Password is really screwing unsuspecting customers. That is really crappy of them to do such a thing. So glad I found Strongbox and Bitwarden. And if need be, I also have Enpass under another Apple ID I can share.
Think they’re talking about trying a v6 license file with v7