The main issue has to do with being able to securely distribute and maintain the integrity of the code in charge of the cryptographic operations, as well as setting up a cryptographically secure random number generator. Currently, the recommendation to solve these problems is to use a browser extension. Passbolt follows this recommendation.
Organizing more regular independent 3rd party audits is one of our main priorities. We need your support to be able to organize them.
Other frequently asked questions in the same category
- How can I report a security vulnerability?
- What data is encrypted in passbolt?
- What kind of encryption does passbolt use?
- Has the code been reviewed?
- How does authentication work in passbolt?
- Is open source software less secure?
- Does passbolt support revocation certificates?
- How are public keys trusted?
- What is the security token?
- Is it secure to use passbolt in its current version?
- How can I change my passphrase?
- My secret key and passphrase are compromised, what do I do?
- How to extend a user expired key