Breaking format changes is not such a major issue, they happened before: kdb → pre-2.08 kdbx → kdbx3 → kdbx4. If the new format is worth it, popular apps will adopt it within a few years — while still supporting older formats. Users would just stick with their current format until the ecosystem catches up, as it happened with KDBX and KDBX4.
Good to see you in here! You make a great point, historically the breaking changes have not really affected users. You kept your db as is, and it would get migrated if you wanted to use new features. A friendly warning on open with a prompt to migrate to unlock new features (after gaining ecosystem traction) would be reassuring to users. On a more technical note, is there anything on your end with KeePassium that would be greatly improved, especially regarding potential improvements to auto-fill memory usage?
Nothing major, mostly UX improvements that could be defined as part of the new format. For instance, custom ordering of entry fields is not possible now because existing apps just sort them alphabetically on save. Multi-URL storage is basically KP2A's workaround adopted as-is by other apps.
That said, most of the concerns raised by the article — outdated schema, inefficiencies, governance issues — call for a new iteration of database format, but not necessarily SQLite. However, we would still be debating how to represent entry templates and how to accommodate features that stretch format's initial assumptions (be it multi-URLs or smart groups). We may still discover that passkeys need more fields than initially foreseen. Then someone would come up with item-level access rights scheme. Then something else.
All of these are already possible with XML+Gzip, just as much as with SQLite/SQLCipher. The main advantage of the latter is the standard, multi-platform library with a permissive license, instead of KDBX' specialized parsing. Switching to SQLite would probably lower the entry barrier for new apps. Which would be a good thing on the surface (more choice), but could end up with the same devil-in-details bedlam as the status quo.
I really appreciate your commentary here! I understand that SQLite would not automatically solve the politics issue. As ctoth mentioned, it would serve as a "flag day" for the KeePass community to hopefully cover everyone's bases in a formal manner. Schema versioning and evolution is way more up SQLite's alley. An SQLite schema has referential integrity which an XML schema lacks, making it harder to misuse and contort. It is also far simpler to modify a query in the event passkey storage need to be changed than it is to modify the parser.
The lower barrier to entry probably also reduces the number of catastrophic parsing mistakes a developer can make. This is a net positive gain for the wider ecosystem of external tools which do not have to re-implement the whole parser. Every language has a great SQLite library, the same cannot be said of KDBX.
As for autofill memory limitations, this is largely an implementation detail: just process data stream in small chunks, that's it.
Unfortunately, KeePassium's data layer was designed in the times of iOS 11, before AutoFill became a thing. So I chose the easier path of loading and processing the whole file at once. This made sense for 10-20 MB databases on iPhones with 2 GB of RAM. By the time the mistake became obvious, it was much harder to switch to streamed processing, especially with a long queue of lower-hanging feature requests.
This class of mistake could have been wholly avoided if the format was SQLite based because there is no assumption that everything must be loaded into memory. Of course I defer expertise to you, but I've had a far better time with SQLite than I've ever had with XML parsing (OFX/QBO still bother me...)
Correct. I did not realise this and am disappointed, having paid a pretty penny for the lifetime license. Reading the github thread, the surreptitious way they changed things is a bit of a dick move.
Yes, you got it right. The source code is published under the GPL, but App Store ToS impose additional restrictions that are incompatible with the GPL. So we have to dual-license the project, and only the copyright owner can do that. In order to maintain that role, we can only accept contributions with a CLA (two pages of legalese that transfer the copyright). This is obviously a deterrent for contributions: over the 5 years, I believe there were only 3 people who signed it :)
We are undergoing the same CASA audit (required to access Google Drive API). And we do have people forking and building the project from source, so one can hope they read what they compile. Strongbox' source code is half-closed (see #784 in their repo) so source-level independent audit is impossible.
Otherwise, no. A third-party audit costs like a year of part-time developer, and at this stage the developer is more useful.
You can also directly verify these claims using the App Privacy Report. It's a system feature that shows which domains an app contacted over the last 7 days (and how often). And it works for all apps.
Unfortunately, there is no way to _enforce_ the offline behavior of an iOS app, but being able to monitor it is already something.
reply