I use KeePass with a key and master password combination. I store the
password database on Dropbox/SFTP and carry my key with me on
my cell phone, laptop etc., and then the master password is in my mind :).
So with this, even if my password database gets compromised or
Dropbox gets hacked, my password database is still encrypted and the
keys/password are not with the password database file.
Amit K Nepal
(CISSP, RHCE, CCENT, C|EH, C|HFI, GIAC ISO 27000 Specialist)
On 7/28/2016 1:25 AM, Joseph Sinclair wrote:
> I do use LastPass, fortunately I do not use the Firefox client affected by the latest issue, which has already been patched (one thing LastPass has done well is security response and patching).
> I don't store everything there, but I do store some things there for various reasons (mostly needing to use them on idiotic sites that actively block copy/paste).
>
> I store absolutely everything in encrypted databases (multiple small files for performance and separation) (not KeePass, mono is too much of a pig to run on my desktops).
> The encrypted files (never decrypted to anything but RAM, and that's overwritten with 0's in the program as quickly as possible) are stored in a DVCS (e.g. git, mercurial, DARCS, Bazaar, etc...) that I sync via its normal repo synchronization. I gain the advantage of "oops" recovery as well with the version history.
> The repo is NEVER online, however, just filesystem-to-filesystem "remote" sync.
>
> Nothing's perfect, but the amount of work needed to get past the encryption should vastly exceed the rather low value of what's stored there (in my case).
>
>
> On 07/27/2016 03:34 PM, Stephen Partington wrote:
>> I know several of you here are using KeePass. Of those users, who is working
>> with the various browser integrations and the various Android apps, and the
>> usual or unusual means of keeping the db across multiple locations?
>>
>> I have been wondering about KeePass and its use for some time, but now with
>> the recent security hole found in LastPass I am taking a second look at it.
>>
>> https://nakedsecurity.sophos.com/2016/07/27/lastpass-password-manager-zero-day-bug-hits-the-news/
>>
>> PS I know this is not a real 0 day bug, so does the author. Not sure why
>> he decided to do that sort of weird headline.
>>
>>
>>
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>