Am 28. Jul, 2016 schwätzte Joseph Sinclair so: moin moin, > I do use Lastpass, fortunately I do not use the Firefox client affected > by the latest issue, which has already been patched (One thing Lastpass > has done well is security response and patching). > I don't store everything there, but I do store some things there for > various reasons (mostly needing to use them on idiotic sites that > actively block copy/paste). > > I store absolutely everything in encrypted databases (multiple small > files for performance and separation) (not keepass, mono is too much of > a pig to run on my desktops). Ah, I should have clarified that I'm using KeePassX. I have never considered KeePass due to windows/mono. KeePassX is C++ https://github.com/keepassx/keepassx/tree/master/src/core I haven't yet looked at KeePassX2, so my previous comments were regarding KeePassX. KeePassX2 is a full reimplementation that probably has new features and seems to be missing some old features. ciao, der.hans > The encrypted files (never decrypted to anything but RAM, and that's > overwritten with 0's in the program as quickly as possible) are stored > in a DVCS (e.g. git, mercurial, DARCS, Bazaar, etc...) that I sync > via it's normal repo synchronization. I gain the advantage of "oops" > recovery as well with the version history. > The repo is NEVER online, however, just filesystem-to-filesystem > "remote" sync. > > Nothing's perfect, but the amount of work needed to get past the > encryption should vastly exceed the rather low value of what's stored > there (in my case). > > > On 07/27/2016 03:34 PM, Stephen Partington wrote: >> I know several of you here are using keepass. of those users who is working >> with the various browser integrations and the various android apps. and the >> usual or unusual means of keeping the db across multiple locations. >> >> I have been wondering about keepass and its use for some time, but now with >> the recent security hold found in Lastpass i am taking a second look at it. >> >> https://nakedsecurity.sophos.com/2016/07/27/lastpass-password-manager-zero-day-bug-hits-the-news/ >> >> ​PS i know this is not a real 0 day bug, so does the author. not sure why >> he decided to do that sort of weird headline.​ >> >> >> >> >> --------------------------------------------------- >> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org >> To subscribe, unsubscribe, or to change your mail settings: >> http://lists.phxlinux.org/mailman/listinfo/plug-discuss >> > > -- # http://www.LuftHans.com/ http://www.PhxLinux.org/ # "The only thing that interferes with my learning is my education." # -- Albert Einstein