Data "leakage" - is it even a possibility?

rickcogley · March 5, 2016, 10:00am

Hi - first let me say I have no reason to suspect Codebook has this problem, and in fact, the fact that Codebook has limited “moving parts” (i.e. no browser plugins) is something I really like. But reading about this issue made me wonder.

To wit: I recently read an article about another password manager’s data “leakage” via the loopback network interface. Apparently, this other software is transferring data in plaintext via this interface, for some reason, and it made me wonder if there are any such “weak links” in codebook or its underlying database.

Barring a lack of boneheaded acts such as exporting all the data and leaving it sitting around in a plaintext file, could you please comment?

developernotes · March 9, 2016, 2:25pm

Hi @rickcogley

My apologizes for the delay in response. I also read the article regarding data leakage via loopback within another password manager. Codebook does not communicate your password over the network at all. Codebook relies on SQLCipher to store and protect all of your data. SQLCipher is our open source extension to SQLite that provide transparent 256-bit AES encryption of database files. You can read more about the design on SQLCipher here.

rickcogley · March 10, 2016, 10:44pm

That’s great to hear @developernotes

Topic		Replies	Views
Security of unselected items when CodeBook is unlocked Codebook	1	402	January 21, 2021
ISE study of Password Managers - interesting read	1	872	March 4, 2019
Stronger Security for Codebook Codebook	2	904	November 13, 2021
Exporting the encrypted data	1	776	April 17, 2018
Do us codebook users need to worry about this story? Codebook	3	1033	February 21, 2019

Data "leakage" - is it even a possibility?

Related topics