Keypass questions

Amit Nepal amit at amitnepal.com
Thu Jul 28 08:40:56 MST 2016


I use KeePass with a key and master password combination. I store the
password database on Dropbox/SFTP and carry my key with me on
my cell phone, laptop etc., and then the master password is in my mind :).
So with this, even if my password database gets compromised or
Dropbox gets hacked, my password database is still encrypted and the
keys/password are not with the password database file.

Amit K Nepal
(CISSP, RHCE, CCENT, C|EH, C|HFI, GIAC ISO 27000 Specialist)

On 7/28/2016 1:25 AM, Joseph Sinclair wrote:
> I do use LastPass, fortunately I do not use the Firefox client affected by the latest issue, which has already been patched (One thing LastPass has done well is security response and patching).
> I don't store everything there, but I do store some things there for various reasons (mostly needing to use them on idiotic sites that actively block copy/paste).
>
> I store absolutely everything in encrypted databases (multiple small files for performance and separation) (not KeePass, Mono is too much of a pig to run on my desktops).
> The encrypted files (never decrypted to anything but RAM, and that's overwritten with 0's in the program as quickly as possible) are stored in a DVCS (e.g. git, mercurial, DARCS, Bazaar, etc...) that I sync via its normal repo synchronization.  I gain the advantage of "oops" recovery as well with the version history.
> The repo is NEVER online, however, just filesystem-to-filesystem "remote" sync.
>
> Nothing's perfect, but the amount of work needed to get past the encryption should vastly exceed the rather low value of what's stored there (in my case).
>
>
> On 07/27/2016 03:34 PM, Stephen Partington wrote:
>> I know several of you here are using KeePass. Of those users, who is working
>> with the various browser integrations and the various Android apps, and the
>> usual or unusual means of keeping the db across multiple locations?
>>
>> I have been wondering about KeePass and its use for some time, but now with
>> the recent security hole found in LastPass I am taking a second look at it.
>>
>> https://nakedsecurity.sophos.com/2016/07/27/lastpass-password-manager-zero-day-bug-hits-the-news/
>>
>> PS I know this is not a real 0 day bug, so does the author. Not sure why
>> he decided to do that sort of weird headline.
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
