[CentOS] KeePassX replacement
Sorin Srbu
Sorin.Srbu at orgfarm.uu.se
Wed Sep 20 05:32:36 UTC 2017
-----Original Message-----
From: CentOS [mailto:centos-bounces at centos.org] On Behalf Of Valeri Galtsev
Sent: den 19 september 2017 17:16
To: CentOS mailing list <centos at centos.org>
Subject: Re: [CentOS] KeePassX replacement
> OT-sidetrack:
>
> What is/are a good cloud-less password manager if I'd need it in a
> cross-platform scenario; Windows, CentOS, Ubuntu and Android?
>
> A cloud enabled manager would be okay I guess if I could move the password
> database to say my own private cloud and be able to access it from there
> from all platforms.
>
> KeepassX seemed like a good choice until I found out it didn't do Android.
When I mentioned I use KeePassX on FreeBSD, Linux, Windows and Android, I
failed to mention the name of Android application I access KeePassX
database with. It is
KeePassDroid
With KeePassDroid in the mix all of your system choices seem to be covered.
I also didn't mention that when we choose application like that we
investigate how well security wise the author(s) thought it through.
KeePassX shined in that respect from multiple prospectives. I joined then
the support for nomination of KeeePassX author for award (never new if he
won that). One of the features I remember that impressed me: it creates
encryption key from your passphrase by hashing that about 1,000,000 times
over and over again. This basically slows brute force attack by the same
factor. That time I estimated that if I lost, say, my pocket device and
bad guys got hold of my keepassx encrypted password database, they will
need about a Month to crack that if they have at their disposal whole
composed computing power of my University. So, I have plenty of time to
change all passwords if that happens.
This if why we stay with the tools we chose for long-long time: it takes
significant effort to select the great ones. It is almost same costly
effort as hiring new employee.
Just my $0.02
Valeri
----------------------------------
Thanks Valeri!
I've until now stayed away from password managers, so I can't really tell
which ones are "okay" to use from a security point.
Googling for "best secure password manager list" gives everybody and their
dogs opinions.
Suggestions from users on this list ranks higher in my book. ;-)
Now, this KeePassDroid though. Is it trustable?
As they say, no chain is stronger than the weakest link.
--
//Sorin
More information about the CentOS
mailing list