Data "leakage" - is it even a possibility?

rickcogley · March 5, 2016, 10:00am

Hi - first let me say I have no reason to suspect Codebook has this problem, and in fact, the fact that Codebook has limited “moving parts” (i.e. no browser plugins) is something I really like. But reading about this issue made me wonder.

To wit: I recently read an article about another password manager’s data “leakage” via the loopback network interface. Apparently, this other software is transferring data in plaintext via this interface, for some reason, and it made me wonder if there are any such “weak links” in codebook or its underlying database.

Barring a lack of boneheaded acts such as exporting all the data and leaving it sitting around in a plaintext file, could you please comment?

developernotes · March 9, 2016, 2:25pm

Hi @rickcogley

My apologizes for the delay in response. I also read the article regarding data leakage via loopback within another password manager. Codebook does not communicate your password over the network at all. Codebook relies on SQLCipher to store and protect all of your data. SQLCipher is our open source extension to SQLite that provide transparent 256-bit AES encryption of database files. You can read more about the design on SQLCipher here.

rickcogley · March 10, 2016, 10:44pm

That’s great to hear @developernotes

Topic		Replies	Views
Blog Post Addressing Concerns with the Sync Key Backup Feature Codebook	0	342	September 16, 2020
Ability to create an encrypted backup export file Codebook	3	782	May 29, 2020
How does Codebook protect the password blob? Codebook	1	248	January 5, 2023
Anyone Else Miss strip.db? Codebook	1	590	December 16, 2019
Sharing a Database between many users Issues	4	1267	January 30, 2016

Data "leakage" - is it even a possibility?

Related Topics