I took a look at the new fileformat. They are "tagged" with PWS3.
Is it such a good idea? I think, a trojaner could now scan and collect those database files better.
Perhaps a trojaner can scan the files a bit quicker, but without the master passphrase, they would do him little good.
Note that even without a tag, encrypted files are fairly easy to identify (they don't compress), so the "benefit" of security by obscurity is, as usual, illusory.
The benefit, OTOH, of the application rapidly identifying a non-pwsafe database, is real.
Log in to post a comment.