Option to display data as QR code #675
Comments
That would require a safe scanner app on the phone, though, i.e., one that doesn't store the plaintext password in its history.
Yes, that's right. The way I look at it, the more you facilitate using very strong passphrases, the more people will be willing to use strong passphrases. And the easier you make it to export specific passphrases to not-necessarily-safe environments such as a mobile phone, the more likely you are to be willing to adopt an overall safer passphrase store, such as an offline and/or completely trusted machine running a KeePass variant. If it's a pain in the neck to get passphrases out without connecting safe and unsafe devices, or laboriously retyping 30-character passphrases, you'll tend to use weaker passphrases on the unsafe devices.
I feel your pain. It gets especially hard when your password contains non-ASCII characters. We just need to make sure users don't shoot themselves in the foot with this.
It has already been discussed here #96
I was thinking about this lately. What do you think of developing a minimal mobile app for this using Qt? Maybe we could use callback-urls (URL schemes) and encrypt the passwords, so that it doesn't matter which app is used when reading the QR code. For instance, iOS 11 users could read the QR code using the native Camera app and Android users could read them using the Barcode Scanner app. The keepassxc mobile app will then decrypt the password and administer it.
A friend of mine was asking for this feature, to display a password as a QR code because of exactly having to type a strong password on mobile. So I implemented a button in the entry edit widget that toggles a pixmap (200x200px) with a QR of the plain-text password that can be scanned by any reader. Does anyone want this feature to be here? I can also extend this to showing a QR of an encrypted password if someone would write an app that would decrypt it =)
I'm curious about how you encoded the password into a QR code. Which library did you use for this project? Please see the approach I'm trying in PR #1001 for implementing something related using Libqrencode. Also, can you share a screenshot of the interface you're describing? Another use-case I was thinking about is displaying QR codes for WiFi passwords using this format that is supported by both Android and iOS11. This is useful for connecting mobile devices quickly to WiFi, especially when you use complicated/long passwords. What do you think is a good way to implement this in the UI? One potential issue I see is the QR encoding library leaking information through freed memory. Initially, I was thinking on zeroing the buffer passed to Libqrencode using C11's
Another thought: maybe we can ask some of the most popular open source KeePass mobile implementations, e.g. MiniKeePass, to support the Android/iOS part of this?
I've used QrCodeGenerator.plgx [1] in Winblows. Today I use qrencode from Linux CLI, but it is messier. It would definitely be better to be able to do this the KP2 (using that plugin).
The plugin also works with KP2 (under mono) with Linux. Right click on an entry and display the QR code.
So my UI looks like this, when you open the entry: I have not thought of the security point of view yet, this is just to show what it can look like, but I think that after generation of the QR it is possible to zerofill memory.
It would be better to have the QR code outside in its own "window" so that it can be resized easily (sometimes it is useful to resize QR codes, especially if they are complex).
@VinArt Thanks for bringing Nayuki's QR code library to my attention, it seems like a nice alternative to use. I'll try to update my PR to use this library instead. Regarding the UI, I don't like how the empty white box looks and agree with you and @affinityv on using a modal window as an alternative.
Do we really need yet another compile-time parameter?
@phoerious Do you mean QR code functionality should be enabled by default?
I don't see why not. Yes, technically it's another dependency, but nothing big.
Ok, I'll modify PR #1167 to reflect this change.
@phoerious I've removed the compile-time flag as per your request.
@VinArt I was not on this for a while, did you implement QR code display for all passwords as discussed or only for one-time? Is there something I could/should do?
@VinArt Sorry for my late reply as well; this has been a busy week at work.
So far, I've adapted Project Yakuyi's
Sure. The remaining functionality we've discussed in this thread remains to be implemented. IMHO, further discussion remains to be had in order to reach consensus on which will be the way to implement the part of displaying a password as a QR code to enable transferring it to a mobile device, so I think a next step could be implementing the part of displaying WiFi passwords in the special format supported by both iOS and Android. This could be done using the URL field of an entry and the placeholder functionality of KeePassXC, for example, in the URL field we could write:
Then, we can just look at an entry's URL field to check if it starts with "WIFI:" and, if so, show a little QR code button next to it that, when clicked, shows a modal with the URI rendered as a QR code. What do you think of this approach? And, would you like to work on this? Before working on this, though, we should wait to hear what others think of implementing this new feature.
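The "WIFI:" payload this approach relies on (the ZXing-style format that the Android and iOS 11 cameras recognise), as an added Python example that is not part of the thread or of KeePassXC: it builds the payload from an entry's fields with the backslash escaping the format requires, detects a WIFI: value in the URL field, and parses it back so a round trip can be verified. Function names are my own.

```python
import re

# The ZXing WIFI: format backslash-escapes these characters inside field values.
_SPECIAL = '\\;,":'


def _escape(value: str) -> str:
    """Escape a field value so delimiters inside it do not break the payload."""
    return "".join("\\" + c if c in _SPECIAL else c for c in value)


def wifi_qr_payload(ssid: str, password: str, auth: str = "WPA", hidden: bool = False) -> str:
    """Build 'WIFI:T:<auth>;S:<ssid>;P:<password>;[H:true;];' from entry fields."""
    if auth not in ("WPA", "WEP", "nopass"):
        raise ValueError(f"unsupported auth type: {auth!r}")
    if not ssid:
        raise ValueError("SSID must not be empty")
    parts = [f"T:{auth}", f"S:{_escape(ssid)}"]
    if auth != "nopass":
        if not password:
            raise ValueError("password required for WPA/WEP networks")
        parts.append(f"P:{_escape(password)}")
    if hidden:
        parts.append("H:true")
    return "WIFI:" + ";".join(parts) + ";;"


def is_wifi_uri(url_field: str) -> bool:
    """The check the UI would run on an entry's URL field before offering the QR button."""
    return url_field.startswith("WIFI:")


def parse_wifi_payload(payload: str) -> dict:
    """Split a WIFI: payload into its fields, honouring backslash escapes."""
    if not is_wifi_uri(payload):
        raise ValueError("not a WIFI: payload")
    fields, token, i = {}, "", len("WIFI:")
    while i < len(payload):
        ch = payload[i]
        if ch == "\\" and i + 1 < len(payload):
            token += payload[i:i + 2]   # keep the escape pair intact until the field is complete
            i += 2
            continue
        if ch == ";":                   # unescaped ';' terminates a field; empty tokens end the payload
            if token:
                key, sep, raw = token.partition(":")
                if sep != ":" or len(key) != 1:
                    raise ValueError(f"malformed field: {token!r}")
                fields[key] = re.sub(r"\\(.)", r"\1", raw)
            token = ""
        else:
            token += ch
        i += 1
    return fields
```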
@adolfogc No problem =)
You're right. I was thinking merely on entries for WiFi passwords. I guess that using {PASSWORD} as the sole
Instead of creating new settings and using a checkbox, would it be better to just define a new attribute for each entry and use the placeholders there? We could agree on a convention to use. For instance, looking for an attribute using the special name of For the button, I was thinking on a representative QR code icon, like the ones shown here: https://tagliala.github.io/vectoriconsroundup/#qrcode
What about following the TOTP method? Setup QR will be a dialog where the user can set a placeholder string or whatever he wants to display in the QR (like Show QR will be a dialog displaying the QR_string
@TheZ3ro I like your proposal. It makes this feature more usable for all users in general (not just power users) while at the same time keeping it from being a "hidden feature". Edit: in the "Setup QR" dialog, we could provide a predefined set of templates like @VinArt was suggesting above. Initially, I would go with just:
Using the username field for the network's SSID. Also, a warning symbol could show up if it appears that the user is trying to render a non-WiFi password as a QR code.
I think we should drop the WEP one 😅 Anyway yes, a preset for WiFi-format password, password only (
+1 for the feature request :)
I'd love this feature, so that I could migrate from Keepass to Keepass XC.
Actually it's a very good feature, I need this for sharing strong passwords with my mobile/tablets, etc. I have written something for Linux/macOS which is very basic to have another tool for me to add this feature https://github.com/pharmatics/qr-secret Also, keep in mind that installing keepassxc is easier than keepass (with QR plugin) in macOS and other distros like CentOS.
For the scanning part, the Kaspersky QR scanner has a feature of disabling scanning history
As I've started using a smartphone only lately, I'm also late to this discussion... But I'd really like to have such a feature for the few occasions where for now I have to type in 20 random characters on my smartphone.
+1 for this feature. It is not your responsibility to choose which app the user should use to read the QR code securely.
Some OTP client mobile apps have an embedded QR code scanner without history & all of course so maybe some android implementation of keepass also have some embedded QR code scanner too. By the way you can also disable the history on the SecScanQr open-source app.
+1 QR would be awesome. If bitcoin wallets have it, why can't this one?
KeePassDX and KeePass2Android are two excellent apps that open kdbx databases and are fully compatible with KeePassXC. There is no reason not to use one of these apps. Transfer your database with your favorite cloud storage or manually with network shares/USB device. If you are on an iOS device then use Strongbox or Keepassium. Regarding users evaluating their own risk... the vast majority of users have no idea what the risk is. Offering the option allows them to make bad decisions and expose information unknowingly. That is the exact opposite of our application's goals.
@droidmonkey On which data are you referring to when you speak of "vast majority"? Can we pay you to get the feature in an easter egg way and usable only by a special flag? ;)
We've been through this so many times by now. You don't know what my risk profile is. And you also don't know if my decision is a bad one. Please stop this line of reasoning. If you insist on knowing it better, then simply put a big warning box next to the QR code to tell them it's not safe.
Just going to leave this here https://arstechnica.com/information-technology/2021/02/android-barcode-scanner-with-10-million-downloads-infects-users/
Reminds me of the Stylish browser extension which suddenly went from useful app to full spyware with an ostensibly innocuous update.
At the end of the day keepassXC could also suddenly include malware (either the developers go rogue :-) or more likely a scenario like Solarwinds that affects the distribution chain) and send all my passwords to a malicious actor -- a far more damaging scenario than this. The barcode scanner, as far as I can tell from the article, did not send the content of the stuff it was scanning out into the wild -- it just set up adware on the user's browser. Not great, but not the end of the world either. If I was that paranoid, I wouldn't trust KeepassXC either.
Just caught my attention and related to the discussion, that is all
On 08-02-2021 at 22:43 Jonathan White wrote:
Just going to leave this here
https://arstechnica.com/information-technology/2021/02/android-barcode-scanner-with-10-million-downloads-infects-users/
I think this news is distorting the discussion of this github issue. There will always be rogue applications and libraries.
To me, in this particular case, the issue is why the KeepassXC devs are on their high horse to tell us what's good for us. And what we can use or not. And how they are deciding for us what our risk profile is.
I wouldn't go this far. The devs can get on whatever horse they want -- they are the ones putting their time and effort into building it. You aren't going to convince them to implement this feature this way. Use rational arguments (as I believe many have in this issue), and if those don't work, then fork it and build it yourself or use another tool. Note that it's pretty easy to work around the lack of this feature -- for example, this script will generate a QR code for the content you copied from KeepassXC on your Linux terminal -- I'm sure equivalents can be found for every OS:
If the devs are totally opposed to this, they can always lock this issue / limit it to contributors and/or close it and move on. The fact that they haven't tells me it's less about a philosophical objection to the feature (despite the posts above) and more about just the time and effort to build something they don't need themselves, or think is very secure. If this issue is now closed and locked, we'll know otherwise :-).
As a more general example: My barcode scanner app had a hidden history feature logging all the stuff I had ever scanned without me really realising. Fortunately, I never use it for anything sensitive except perhaps temporary tokens, which expire after use. I doubt average Joe will ever care to check their scanner for a history feature, so over time they build a silent unencrypted copy of their password database on their phone. If you are an expert user who is aware of all the implications, there are plenty of other ways to get your password to your phone like the one suggested above (an even easier way would be to use keepassxc-cli directly). Unless we build support for encrypted QR codes via KeePass app on the phone, this will not be implemented.
I think maybe just allowing to export data as QR Code is not the right solution, but there is definitely a need to easily transfer data to a smartphone.
Smartphones are rarely up to date, full of vulnerabilities and infected apps. So opening a Keepass database on a smartphone is definitely not a secured solution.
Maybe a solution could be to allow exporting encrypted data through a QR code, and add a feature on the android app to decrypt this data.
That is what I was referring to. But that would need support in the mobile apps.
Because there are some Smartphone Apps with hidden history features, you deny to implement that feature at all? And ignoring the fact that there are many others with "disable history" options built in? Please think about this: Isn't it the same if users are allowed to copy passwords from KeePassXC to the clipboard? Therefore I would be happy if you would reconsider your decision.
Sometimes it's useful to transfer secrets via QR code, and it would be nice if KeePassXC offered that feature. It could be another button icon next to the eye icon that shows a passphrase.
Use cases