Am 28. Jul, 2016 schwätzte Joseph Sinclair so:
moin moin,
> I do use Lastpass, fortunately I do not use the Firefox client affected
> by the latest issue, which has already been patched (One thing Lastpass
> has done well is security response and patching).
> I don't store everything there, but I do store some things there for
> various reasons (mostly needing to use them on idiotic sites that
> actively block copy/paste).
>
> I store absolutely everything in encrypted databases (multiple small
> files for performance and separation) (not keepass, mono is too much of
> a pig to run on my desktops).
Ah, I should have clarified that I'm using KeePassX. I have never
considered KeePass due to windows/mono.
KeePassX is C++
https://github.com/keepassx/keepassx/tree/master/src/core
I haven't yet looked at KeePassX2, so my previous comments were regarding
KeePassX. KeePassX2 is a full reimplementation that probably has new
features and seems to be missing some old features.
ciao,
der.hans
> The encrypted files (never decrypted to anything but RAM, and that's
> overwritten with 0's in the program as quickly as possible) are stored
> in a DVCS (e.g. git, mercurial, DARCS, Bazaar, etc...) that I sync
> via it's normal repo synchronization. I gain the advantage of "oops"
> recovery as well with the version history.
> The repo is NEVER online, however, just filesystem-to-filesystem
> "remote" sync.
>
> Nothing's perfect, but the amount of work needed to get past the
> encryption should vastly exceed the rather low value of what's stored
> there (in my case).
>
>
> On 07/27/2016 03:34 PM, Stephen Partington wrote:
>> I know several of you here are using keepass. of those users who is working
>> with the various browser integrations and the various android apps. and the
>> usual or unusual means of keeping the db across multiple locations.
>>
>> I have been wondering about keepass and its use for some time, but now with
>> the recent security hold found in Lastpass i am taking a second look at it.
>>
>> https://nakedsecurity.sophos.com/2016/07/27/lastpass-password-manager-zero-day-bug-hits-the-news/
>>
>> PS i know this is not a real 0 day bug, so does the author. not sure why
>> he decided to do that sort of weird headline.
>>
>>
>>
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>
>
>
--
# http://www.LuftHans.com/ http://www.PhxLinux.org/
# "The only thing that interferes with my learning is my education."
# -- Albert Einstein
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss
(text/plain)