[CentOS] KeePassX replacement

Wed Sep 20 05:32:36 UTC 2017
Sorin Srbu <Sorin.Srbu at orgfarm.uu.se>

-----Original Message-----
From: CentOS [mailto:centos-bounces at centos.org] On Behalf Of Valeri Galtsev
Sent: den 19 september 2017 17:16
To: CentOS mailing list <centos at centos.org>
Subject: Re: [CentOS] KeePassX replacement

> OT-sidetrack:
>
> What is/are a good cloud-less password manager if I'd need it in a
> cross-platform scenario;  Windows, CentOS, Ubuntu and Android?
>
> A cloud enabled manager would be okay I guess if I could move the password
> database to say my own private cloud and be able to access it from there
> from all platforms.
>
> KeepassX seemed like a good choice until I found out it didn't do Android.

When I mentioned I use KeePassX on FreeBSD, Linux, Windows and Android, I
failed to mention the name of Android application I access KeePassX
database with. It is

KeePassDroid

With KeePassDroid in the mix all of your system choices seem to be covered.


I also didn't mention that when we choose application like that we
investigate how well security wise the author(s) thought it through.
KeePassX shined in that respect from multiple prospectives. I joined then
the support for nomination of KeeePassX author for award (never new if he
won that). One of the features I remember that impressed me: it creates
encryption key from your passphrase by hashing that about 1,000,000 times
over and over again. This basically slows brute force attack by the same
factor. That time I estimated that if I lost, say, my pocket device and
bad guys got hold of my keepassx encrypted password database, they will
need about a Month to crack that if they have at their disposal whole
composed computing power of my University. So, I have plenty of time to
change all passwords if that happens.

This if why we stay with the tools we chose for long-long time: it takes
significant effort to select the great ones. It is almost same costly
effort as hiring new employee.

Just my $0.02

Valeri

----------------------------------

Thanks Valeri!

I've until now stayed away from password managers, so I can't really tell
which ones are "okay" to use from a security point.

Googling for "best secure password manager list" gives everybody and their
dogs opinions.

Suggestions from users on this list ranks higher in my book. ;-)

Now, this KeePassDroid though. Is it trustable?
As they say, no chain is stronger than the weakest link.

--
//Sorin