Fixed the security issue found by Angelelz (#38).
It allowed a spoofing attack by replacing the permanent key used to sign master passwords when storing them in the Windows Credential Manager. Big thanks to Angelelz!
This release is dedicated to minor but still important improvements that smooth out rough edges in some scenarios of using the plugin.
- Revoking the key when the Windows Hello prompt is cancelled is now optional (#30, thanks to GoldenHashtag)
- New algorithm for handling the secure desktop that is compatible with the AutoType and Open From URL dialogs (#18, thanks to kinglike1337)
- Fixed an error when creating a permanent key on Windows 10 versions earlier than 1809 (#33, thanks to mullenat and tvannuland).
In this major release we have finally shipped the long-awaited feature of permanent storage for master passwords (#7).
The storage holds its content encrypted with a permanent key signed with your biometrics via Windows Hello.
Please go to the Options dialog and create a permanent key in order to enable this storage. Thanks to gio710 and many others.
In addition, you can revoke all stored keys manually in the Options dialog (#10, thanks to ghost).
This release is built on a completely new codebase that aims to improve UX, enhance code quality, stability and maintainability, essentially focusing on security issues. In particular, the release includes:
- New smooth lock-unlock workflow without a redundant "quick" key provider;
- Encoding and decoding keys from third-party providers based on the metadata instead of caching their effective keys;
- Increased security of key management (keys are encrypted by Windows Hello and AES algorithms);
- Added an option to disable the plugin in the Settings dialog;
- Fixed the issue with keeping the original key file path upon unlocking the DB (#9, thanks to kinglike1337)
- Changes to the validity period option are now applied to existing stored keys (related to #10, thanks to ghost)
- Fixed a possible vulnerable behavior by suggesting quick authorization in case of suspected key compromise.
- Fixed handling of an exception when WinHello is disabled (#1, thanks to rjt)
- Small improvements in the Options dialog