Is it possible to have Windows Hello instead of principal password at 1st connection to KeePass? #7
Comments
+1 |
Hello! |
+1 |
+1 would really love this |
+1 |
+1 |
+1 |
++ |
+1 |
Oh yes, that would be fabulous! The guy here: https://github.com/fabiocbr75/KeePassFingerprint tried to make something that works that way...but it doesn't work for me and is not as smooth as the current KeePassWinHello. |
Would it presume cracking KeePass Master Password by the plugin? |
@sambul13 - no. From a security threat perspective the only real risks here are
|
Based on this plugin settings in KeePass Options, Windows Hello already stores the master password for the time selected by user, like Indefinite. Can the Trust Store be exploited by some Password Recovery software, and therefore KeePass master password stolen if permanently stored there? If not, KeePass should only require Master Password once, the 1st time after adding the plugin, just like Fingerprint plugin (which feels a bit complex to install). |
Without a doubt one of my favorite addons, extremely comfortable. Thanks to the developers. What about using TPM? A few days ago I suggested implementing the use of TPM modules in KeePass. If it is used, in addition to increasing security, automatic access could be made from the first opening of the database, without ever needing to re-enter the master password. You could always access directly with the Master password, but indistinctly, you could use Windows Hello (any of the middle modes), or even a PIN. In its simplest version, the master password could be bound to the TPM, or even sealed, and configure this plugin and TPM for key releasing with Windows Hello. If you wanted to add a much greater protection, you could also perform the decryption of the database directly in the TPM, so that the master password would never be used by the system, and with Windows Hello it would not be necessary to enter it either. |
++ |
+1 |
+1 |
Someone already done that |
We've implemented a permanent storage in our new release v3.0. |
Thanks, I had a glance at the WinHelloUnlock that looks solid, though I noticed it's based on UWP API. Since it's a completely different ecosystem (not even .NET based) there seems to be no way to integrate that code with the KeePass PLGX source-based plugin system (which means that your source code has to be compiled with .NET Framework on the fly by KeePass). This is why we've decided to use solely low-level native Windows API to work with the Windows Hello platform in the first place, and so our plugin is shipped in PLGX format. |
Thank you for taking a look at WinHelloUnlock. It's heavily based on KeePassWinHello, but is there any resource you can recommend, because I don't understand most of your Windows API calls. Any documentation? I've been looking into providing WinHelloUnlock in a .plgx file but as you said, it's not supported by KeePass. |
So great this unlock method! Thanks for the link!
From: shuffle-c <notifications@github.com>
Sent: Monday, 26 August 2019 02:28
Hello!
Yes, it's already in our plans, but unfortunately we can't give you time estimate for this feature.
Someone already done that
https://github.com/Angelelz/WinHelloUnlock
|
Unfortunately, there is no documentation for the native API regarding the Windows Hello encryption provider. Microsoft provides a general description of its cryptography API, and I've done long research to figure out the particular parameters and workflow for interacting with the WinHello encryption provider. We're planning on developing an independent C#/C++ library, providing a simple interface to work with WinHello. And we need to write a doc for its internals as well, but it will take time because English is not the first language for us. |
Great! Let me know if I can help, even though English is not my first language either. |