On Tue, September 19, 2017 4:18 am, Sorin Srbu wrote:
-----Original Message----- From: CentOS [mailto:centos-bounces@centos.org] On Behalf Of FHDATA Sent: den 18 september 2017 18:10 To: CentOS mailing list centos@centos.org Subject: Re: [CentOS] KeePassX replacement
On Mon, 18 Sep 2017, Valeri Galtsev wrote:
You may have reasons to prefer KeePassX over KeePass 2, though.
I for one use keepassx. My password database is synchronized between variety of systems, and I can view/edit it on: CentOS, FreeBSD, MS Windows, Android (and should be able on any derivatives of those). I didn't try iOS as currently I don't have a need in that.
Incidentally, does anybody know if there is any necessity in keepassx to be patched? Did I read the original post correctly: there is no activity on the development site for long time? Should there be any? (As, I would say for comparison: cvs is so established software that there is no development to expect, only if there are any security holes found those need to be patched). Any insight on KeePassX anybody?
Valeri
hello
using keepassx probably for 10 years or so across linux,win,mac,ios
in late 2015 there was a security issue found and folks @ keepassx.org patched it fairly quickly and patch propagated up to epel quickly as well ...
passwd manager {non-cloud ones} , in my opinion, is a "static" concept ... unless no issues with the underlying frameworks, what's there to patch ...
OT-sidetrack:
What is/are a good cloud-less password manager if I'd need it in a cross-platform scenario; Windows, CentOS, Ubuntu and Android?
A cloud enabled manager would be okay I guess if I could move the password database to say my own private cloud and be able to access it from there from all platforms.
KeepassX seemed like a good choice until I found out it didn't do Android.
When I mentioned I use KeePassX on FreeBSD, Linux, Windows and Android, I failed to mention the name of Android application I access KeePassX database with. It is
KeePassDroid
With KeePassDroid in the mix all of your system choices seem to be covered.
I also didn't mention that when we choose application like that we investigate how well security wise the author(s) thought it through. KeePassX shined in that respect from multiple prospectives. I joined then the support for nomination of KeeePassX author for award (never new if he won that). One of the features I remember that impressed me: it creates encryption key from your passphrase by hashing that about 1,000,000 times over and over again. This basically slows brute force attack by the same factor. That time I estimated that if I lost, say, my pocket device and bad guys got hold of my keepassx encrypted password database, they will need about a Month to crack that if they have at their disposal whole composed computing power of my University. So, I have plenty of time to change all passwords if that happens.
This if why we stay with the tools we chose for long-long time: it takes significant effort to select the great ones. It is almost same costly effort as hiring new employee.
Just my $0.02
Valeri
Suggestions greatly appreciated!
Thanks.
-- //Sorin _______________________________________________ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
++++++++++++++++++++++++++++++++++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ++++++++++++++++++++++++++++++++++++++++