Data "leakage" - is it even a possibility?


#1

Hi - first let me say I have no reason to suspect Codebook has this problem, and in fact, the fact that Codebook has limited “moving parts” (i.e. no browser plugins) is something I really like. But reading about this issue made me wonder.

To wit: I recently read an article about another password manager’s data “leakage” via the loopback network interface. Apparently, this other software is transferring data in plaintext via this interface, for some reason, and it made me wonder if there are any such “weak links” in codebook or its underlying database.

Barring a lack of boneheaded acts such as exporting all the data and leaving it sitting around in a plaintext file, could you please comment?


#2

Hi @rickcogley

My apologizes for the delay in response. I also read the article regarding data leakage via loopback within another password manager. Codebook does not communicate your password over the network at all. Codebook relies on SQLCipher to store and protect all of your data. SQLCipher is our open source extension to SQLite that provide transparent 256-bit AES encryption of database files. You can read more about the design on SQLCipher here.


#3

That’s great to hear @developernotes :slight_smile: