<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body smarttemplateinserted="true" bgcolor="#FFFFFF" text="#000000">
<p>I use keepass with Key and Master password combination. I store
the password database on the dropbox/SFTP and carry my key with
myself on my cell phone, laptop etc. and then the master password
is in my mind :) . So with this , even if my password database
gets compromised or dropbox gets hacked, My password database is
still encrypted and the keys/password is not with the password
database file.<br>
</p>
<pre class="moz-signature" cols="72">Amit K Nepal
(CISSP, RHCE, CCENT, C|EH, C|HFI, GIAC ISO 27000 Specialist)
</pre>
<div class="moz-cite-prefix">On 7/28/2016 1:25 AM, Joseph Sinclair
wrote:<br>
</div>
<blockquote cite="mid:5799C16A.7030109@stcaz.net" type="cite">
<pre wrap="">I do use Lastpass, fortunately I do not use the Firefox client affected by the latest issue, which has already been patched (One thing Lastpass has done well is security response and patching).
I don't store everything there, but I do store some things there for various reasons (mostly needing to use them on idiotic sites that actively block copy/paste).
I store absolutely everything in encrypted databases (multiple small files for performance and separation) (not keepass, mono is too much of a pig to run on my desktops).
The encrypted files (never decrypted to anything but RAM, and that's overwritten with 0's in the program as quickly as possible) are stored in a DVCS (e.g. git, mercurial, DARCS, Bazaar, etc...) that I sync via it's normal repo synchronization. I gain the advantage of "oops" recovery as well with the version history.
The repo is NEVER online, however, just filesystem-to-filesystem "remote" sync.
Nothing's perfect, but the amount of work needed to get past the encryption should vastly exceed the rather low value of what's stored there (in my case).
On 07/27/2016 03:34 PM, Stephen Partington wrote:
</pre>
<blockquote type="cite">
<pre wrap="">I know several of you here are using keepass. of those users who is working
with the various browser integrations and the various android apps. and the
usual or unusual means of keeping the db across multiple locations.
I have been wondering about keepass and its use for some time, but now with
the recent security hold found in Lastpass i am taking a second look at it.
<a class="moz-txt-link-freetext" href="https://nakedsecurity.sophos.com/2016/07/27/lastpass-password-manager-zero-day-bug-hits-the-news/">https://nakedsecurity.sophos.com/2016/07/27/lastpass-password-manager-zero-day-bug-hits-the-news/</a>
PS i know this is not a real 0 day bug, so does the author. not sure why
he decided to do that sort of weird headline.
---------------------------------------------------
PLUG-discuss mailing list - <a class="moz-txt-link-abbreviated" href="mailto:PLUG-discuss@lists.phxlinux.org">PLUG-discuss@lists.phxlinux.org</a>
To subscribe, unsubscribe, or to change your mail settings:
<a class="moz-txt-link-freetext" href="http://lists.phxlinux.org/mailman/listinfo/plug-discuss">http://lists.phxlinux.org/mailman/listinfo/plug-discuss</a>
</pre>
</blockquote>
<pre wrap="">
</pre>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">---------------------------------------------------
PLUG-discuss mailing list - <a class="moz-txt-link-abbreviated" href="mailto:PLUG-discuss@lists.phxlinux.org">PLUG-discuss@lists.phxlinux.org</a>
To subscribe, unsubscribe, or to change your mail settings:
<a class="moz-txt-link-freetext" href="http://lists.phxlinux.org/mailman/listinfo/plug-discuss">http://lists.phxlinux.org/mailman/listinfo/plug-discuss</a></pre>
</blockquote>
<br>
</body>
</html>