The main issue has to do with being able to securely distribute and maintain the integrity of the code in charge of the cryptographic operations, as well as setting up a cryptographically secure random number generator. Currently, the recommendation to solve these problems is to use a browser extension. Passbolt follows this recommendation.
Organizing more regular independent 3rd party audits is one of our main priorities. We need your support to be able to organize them.
Other frequently asked questions in the same category
- How can I report a security vulnerability?
- Is it secure to use passbolt in its current version?
- What data is encrypted in passbolt?
- What kind of encryption does passbolt use?
- Has the code been reviewed?
- How does authentication work in passbolt?
- How can I change my passphrase?
- Is open source software less secure?
- My secret key and passphrase are compromised, what do I do?
- Does passbolt support revocation certificates?
- How are public keys trusted?
- What is the security token?