-----Original Message----- From: CentOS [mailto:centos-bounces@centos.org] On Behalf Of Valeri Galtsev Sent: den 19 september 2017 17:16 To: CentOS mailing list centos@centos.org Subject: Re: [CentOS] KeePassX replacement
OT-sidetrack:
What is/are a good cloud-less password manager if I'd need it in a cross-platform scenario; Windows, CentOS, Ubuntu and Android?
A cloud enabled manager would be okay I guess if I could move the password database to say my own private cloud and be able to access it from there from all platforms.
KeepassX seemed like a good choice until I found out it didn't do Android.
When I mentioned I use KeePassX on FreeBSD, Linux, Windows and Android, I failed to mention the name of Android application I access KeePassX database with. It is
KeePassDroid
With KeePassDroid in the mix all of your system choices seem to be covered.
I also didn't mention that when we choose application like that we investigate how well security wise the author(s) thought it through. KeePassX shined in that respect from multiple prospectives. I joined then the support for nomination of KeeePassX author for award (never new if he won that). One of the features I remember that impressed me: it creates encryption key from your passphrase by hashing that about 1,000,000 times over and over again. This basically slows brute force attack by the same factor. That time I estimated that if I lost, say, my pocket device and bad guys got hold of my keepassx encrypted password database, they will need about a Month to crack that if they have at their disposal whole composed computing power of my University. So, I have plenty of time to change all passwords if that happens.
This if why we stay with the tools we chose for long-long time: it takes significant effort to select the great ones. It is almost same costly effort as hiring new employee.
Just my $0.02
Valeri
----------------------------------
Thanks Valeri!
I've until now stayed away from password managers, so I can't really tell which ones are "okay" to use from a security point.
Googling for "best secure password manager list" gives everybody and their dogs opinions.
Suggestions from users on this list ranks higher in my book. ;-)
Now, this KeePassDroid though. Is it trustable? As they say, no chain is stronger than the weakest link.
-- //Sorin