WingNews logo WingNews
top | item 47136765

(no title)

ycombinatrix | 5 days ago

>Important to note is that every time a KDBX file is updated, no matter how small the edit was, the entire file gets rewritten.

This seems like an implementation issue rather than a format/spec issue.

discuss

order

wps|5 days ago

Because KDBX is a gzipped and encrypted stream, this is actually fundamentally an issue with the spec itself. A client must re-encrypt and compress the file prior to writing because a mere append operation is not possible. SQLite solves this issue by allowing you to write with page level granularity rather than being forced to dump the whole file for a single tiny change!

ptx|5 days ago

Couldn't they simply switch to zip files? Those have an index and allow opening individual files within the archive without reading the whole thing.

Also, I don't understand how using XML makes for a brittle schema and how SQL would solve it. If clients choke on unexpected XML elements, they could also do a "SELECT *" in SQL and choke on unexpected columns. And the problem with people adding different attributes seems like just the thing XML namespaces was designed for.

layer8|5 days ago

Not encrypting everything as a whole however leaks information about the structure and what/how much was changed between two versions of the file.

zzrrt|5 days ago

> SQLite solves this issue by allowing you to write with page level granularity rather than being forced to dump the whole file for a single tiny change!

Smaller ideas that would address this: add support for non-CBC encryption modes, tweak/disable the compression so that small changes require less rewriting.

ycombinatrix|5 days ago

I see, thanks. Have you considered moving to Bitwarden?

dietr1ch|5 days ago

It's a file in the 10-500kB and passwords are read way more often than added.

If it's even tracked as an implementation issue, it probably ranks very low and fixing this requires a lot of care not to screw up things with the safety and feature rollout.

mathfailure|5 days ago

That's probably a security feature.

rileymichael|5 days ago

i would say it’s the correct implementation as you can’t edit atomically. write and move is what you have to do

wps|5 days ago

Exactly. As such, people in the thread with huge dbs have a poor UX when they really do not need to. Also, people who have experienced corruption issues on network storage due to the default saving method (I personally have never experienced this).

foobiekr|5 days ago

It's not an issue, write-new-and-swap is probably the best approach for this type of application.

PunchyHamster|5 days ago

You need format supporting append/edit first before you can implement it "right"