Keypass questions

der.hans PLUGd at LuftHans.com
Thu Jul 28 09:42:59 MST 2016 

Am 28. Jul, 2016 schwätzte Joseph Sinclair so:

moin moin,

> I do use Lastpass, fortunately I do not use the Firefox client affected
> by the latest issue, which has already been patched (One thing Lastpass
> has done well is security response and patching).
> I don't store everything there, but I do store some things there for
> various reasons (mostly needing to use them on idiotic sites that
> actively block copy/paste).
>
> I store absolutely everything in encrypted databases (multiple small
> files for performance and separation) (not keepass, mono is too much of
> a pig to run on my desktops).

Ah, I should have clarified that I'm using KeePassX. I have never
considered KeePass due to windows/mono.

KeePassX is C++

https://github.com/keepassx/keepassx/tree/master/src/core

I haven't yet looked at KeePassX2, so my previous comments were regarding
KeePassX. KeePassX2 is a full reimplementation that probably has new
features and seems to be missing some old features.

ciao,

der.hans

> The encrypted files (never decrypted to anything but RAM, and that's
> overwritten with 0's in the program as quickly as possible) are stored
> in a DVCS (e.g. git, mercurial, DARCS, Bazaar, etc...) that I sync
> via it's normal repo synchronization.  I gain the advantage of "oops"
> recovery as well with the version history.
> The repo is NEVER online, however, just filesystem-to-filesystem
> "remote" sync.
>
> Nothing's perfect, but the amount of work needed to get past the
> encryption should vastly exceed the rather low value of what's stored
> there (in my case).
>
>
> On 07/27/2016 03:34 PM, Stephen Partington wrote:
>> I know several of you here are using keepass. of those users who is working
>> with the various browser integrations and the various android apps. and the
>> usual or unusual means of keeping the db across multiple locations.
>>
>> I have been wondering about keepass and its use for some time, but now with
>> the recent security hold found in Lastpass i am taking a second look at it.
>>
>> https://nakedsecurity.sophos.com/2016/07/27/lastpass-password-manager-zero-day-bug-hits-the-news/
>>
>> ​PS i know this is not a real 0 day bug, so does the author. not sure why
>> he decided to do that sort of weird headline.​
>>
>>
>>
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>
>
>

-- 
#  http://www.LuftHans.com/        http://www.PhxLinux.org/
#  "The only thing that interferes with my learning is my education."
#   -- Albert Einstein

More information about the PLUG-discuss mailing list