
This is a security-related question: I can't seem to locate the keychain file Orion is using. Is it located in iCloud Drive and accessible by the user? I intend to use the OSX security command line to do some further automation, and I hope that I can manually load this keychain file into the keychain program.

I am also curious how secure the users' passwords are. It's said that Orion is open sourced; however, I can't find its code repo on GitHub, or maybe it is not open to the public. My question is: how can we (the users) trust that the code dealing with passwords is safe?

Thanks

  • Vlad replied to this.

    stephencoz There is no 'keychain file'. Orion uses the native macOS keychain feature. So passwords are as secure as Apple's keychain.

      It's said the orion is open sourced, however I can't find its code repo in github or maybe it is not open to public.

      Orion will be open sourced some time in the future, but it's just not time-effective to open source it rn.

        Vlad There must be a place that the Orion keychain is being written/saved to. In your official guide, it mentions that Orion does not use the OSX keychain; it saves to Orion's keychain instead of OSX's keychain due to a restriction, which is understandable.

        My question is: is it a customised keychain file that Orion saves the passwords to? If so, where is it located?

        • Vlad replied to this.

          eirk Again, this does not even give a verbal assurance that no modified code will do evil things to steal passwords etc.

          • eirk replied to this.

            stephencoz Yes, I know. I'm just providing clarification for why it's not open source rn.

              stephencoz I think you are misunderstanding the way keychain works.

              Keychain is a service provided by Apple. Applications can write to the keychain. Orion has its 'bucket' in the keychain, and Safari has its own 'bucket'. Orion cannot read or write into Safari's 'bucket'. All Orion passwords reside inside Orion's 'bucket' in the keychain. There are no files involved.

              it mentions that Orion does not use OSX keychain

              If this is written anywhere, it is wrong. Can you point to the exact location this is mentioned?
