This repository has been archived by the owner on Oct 16, 2019. It is now read-only.

Quick Unlock Methods: PIN or last 3 characters #29

Open
subdavis opened this issue Nov 7, 2017 · 2 comments

Comments


subdavis commented Nov 7, 2017

I'd like to phase out the "keep unlocked" function because it's obscenely insecure. A lot of folks will likely complain, but currently a major issue is that if your computer is shut down while the database is kept unlocked, your password is stored unencrypted on disk. This is true of CKPX and CKP.

Let's do some research on this.

@subdavis (Owner, Author):

For anyone reading this in the future, Tusk does not use disk storage to cache credentials anymore. This security hole has been patched.

@johnfernow:

A couple of thoughts:

  • Is "keep unlocked" very insecure if you have full-disk encryption? If the computer is shut down while the database is kept unlocked, it still wouldn't be able to be accessed without the boot/user password, right?
  • Wouldn't a PIN practically suffer from the same vulnerabilities as the original "keep unlocked" function if the user's computer doesn't have full-disk encryption? Even a shorter, alternative password of 8 random characters can now be cracked relatively quickly. I know Keepass2Android gives you one shot to enter the last 3 characters, but if your drive is unencrypted, it can be cloned and attempted indefinitely.

Perhaps we could add back the ability to remember the database password indefinitely, but display a huge warning to the user that they should only do so if their computer has full-disk encryption, and if it is not, their password can be stolen trivially easily if someone has physical access to their device. We could add links for users on how to check to see if their device is full-disk encrypted on various platforms (and instructions on how to do so). Obviously your call though, just wanted to give my opinion.
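As an added illustration of the "last 3 characters" quick unlock the thread compares against (example code, not Tusk's or CKPX's own implementation): the master password is held only in memory, never written to disk, and a single wrong suffix discards the cache so the next unlock requires the full password again. The class and function names are assumptions for this example.

```javascript
// Added example (not project code): memory-only quick unlock by password suffix.
// Because the cache never touches disk, cloning an unencrypted drive yields
// nothing to attempt offline; a wrong guess wipes the cache, so the 3-character
// secret is never exposed to more than one try.
const QUICK_UNLOCK_LEN = 3;

// Constant-time comparison of two equal-length strings, so a mismatch does not
// leak how many leading characters were correct.
function sameSecret(a, b) {
  if (a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) {
    diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  }
  return diff === 0;
}

class QuickUnlockCache {
  constructor() {
    this.cached = null; // master password; lives only in this object, never persisted
  }

  // Called after a successful full unlock. A password no longer than the suffix
  // would be fully revealed by the quick unlock, so it is not cached at all.
  remember(masterPassword) {
    this.cached = masterPassword.length > QUICK_UNLOCK_LEN ? masterPassword : null;
    return this.cached !== null;
  }

  available() {
    return this.cached !== null;
  }

  // Returns the full master password on a correct suffix, otherwise null.
  // One attempt only: any mismatch clears the cache.
  tryUnlock(suffix) {
    if (this.cached === null) return null;
    const expected = this.cached.slice(-QUICK_UNLOCK_LEN);
    if (sameSecret(expected, suffix)) {
      return this.cached;
    }
    this.forget();
    return null;
  }

  forget() {
    this.cached = null;
  }
}
```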
