[CentOS] KeePassX replacement

Tue Sep 19 15:16:02 UTC 2017
Valeri Galtsev <galtsev at kicp.uchicago.edu>

On Tue, September 19, 2017 4:18 am, Sorin Srbu wrote:
> -----Original Message-----
> From: CentOS [mailto:centos-bounces at centos.org] On Behalf Of FHDATA
> Sent: den 18 september 2017 18:10
> To: CentOS mailing list <centos at centos.org>
> Subject: Re: [CentOS] KeePassX replacement
> On Mon, 18 Sep 2017, Valeri Galtsev wrote:
>>> You may have reasons to prefer KeePassX over KeePass 2, though.
>> I for one use keepassx. My password database is synchronized between
>> variety of systems, and I can view/edit it on: CentOS, FreeBSD, MS
>> Windows, Android (and should be able on any derivatives of those). I
>> didn't try iOS as currently I don't have a need in that.
>> Incidentally, does anybody know if there is any necessity in keepassx to
>> be patched? Did I read the original post correctly: there is no activity
>> on the development site for long time? Should there be any? (As, I would
>> say for comparison: cvs is so established software that there is no
>> development to expect, only if there are any security holes found those
>> need to be patched). Any insight on KeePassX anybody?
>> Valeri
> hello
> using keepassx probably for 10 years or so across linux,win,mac,ios
> in late 2015 there was a security issue found and folks @ keepassx.org
> patched it fairly  quickly and patch propagated
> up to epel quickly as well ...
> passwd manager {non-cloud ones} , in my opinion,
> is a "static"  concept ...
> unless no issues with the underlying frameworks,
> what's there to patch ...
> ---------------------------------------------------------------------
> OT-sidetrack:
> What is/are a good cloud-less password manager if I'd need it in a
> cross-platform scenario;  Windows, CentOS, Ubuntu and Android?
> A cloud enabled manager would be okay I guess if I could move the password
> database to say my own private cloud and be able to access it from there
> from all platforms.
> KeepassX seemed like a good choice until I found out it didn't do Android.

When I mentioned I use KeePassX on FreeBSD, Linux, Windows and Android, I
failed to mention the name of Android application I access KeePassX
database with. It is


With KeePassDroid in the mix all of your system choices seem to be covered.

I also didn't mention that when we choose application like that we
investigate how well security wise the author(s) thought it through.
KeePassX shined in that respect from multiple prospectives. I joined then
the support for nomination of KeeePassX author for award (never new if he
won that). One of the features I remember that impressed me: it creates
encryption key from your passphrase by hashing that about 1,000,000 times
over and over again. This basically slows brute force attack by the same
factor. That time I estimated that if I lost, say, my pocket device and
bad guys got hold of my keepassx encrypted password database, they will
need about a Month to crack that if they have at their disposal whole
composed computing power of my University. So, I have plenty of time to
change all passwords if that happens.

This if why we stay with the tools we chose for long-long time: it takes
significant effort to select the great ones. It is almost same costly
effort as hiring new employee.

Just my $0.02


> Suggestions greatly appreciated!
> Thanks.
> --
> //Sorin
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> https://lists.centos.org/mailman/listinfo/centos

Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247