[CentOS] KeePassX replacement

Tue Sep 19 15:16:02 UTC 2017
Valeri Galtsev <galtsev at kicp.uchicago.edu>

On Tue, September 19, 2017 4:18 am, Sorin Srbu wrote:
> -----Original Message-----
> From: CentOS [mailto:centos-bounces at centos.org] On Behalf Of FHDATA
> Sent: den 18 september 2017 18:10
> To: CentOS mailing list <centos at centos.org>
> Subject: Re: [CentOS] KeePassX replacement
>
> On Mon, 18 Sep 2017, Valeri Galtsev wrote:
>
>>> You may have reasons to prefer KeePassX over KeePass 2, though.
>>
>> I for one use keepassx. My password database is synchronized between
>> a variety of systems, and I can view/edit it on: CentOS, FreeBSD, MS
>> Windows, Android (and should be able on any derivatives of those). I
>> didn't try iOS as currently I don't have a need for that.
>>
>> Incidentally, does anybody know if there is any necessity for keepassx to
>> be patched? Did I read the original post correctly: there is no activity
>> on the development site for a long time? Should there be any? (As, I would
>> say for comparison: cvs is such established software that there is no
>> development to expect, only if there are any security holes found those
>> need to be patched). Any insight on KeePassX anybody?
>>
>> Valeri
>
> hello
>
> using keepassx probably for 10 years or so across linux,win,mac,ios
>
> in late 2015 there was a security issue found and folks @ keepassx.org
> patched it fairly quickly and the patch propagated
> up to epel quickly as well ...
>
> passwd manager {non-cloud ones}, in my opinion,
> is a "static" concept ...
> unless no issues with the underlying frameworks,
> what's there to patch ...
>
> ---------------------------------------------------------------------
>
> OT-sidetrack:
>
> What is/are a good cloud-less password manager if I'd need it in a
> cross-platform scenario; Windows, CentOS, Ubuntu and Android?
>
> A cloud enabled manager would be okay I guess if I could move the password
> database to say my own private cloud and be able to access it from there
> from all platforms.
>
> KeepassX seemed like a good choice until I found out it didn't do Android.

When I mentioned I use KeePassX on FreeBSD, Linux, Windows and Android, I
failed to mention the name of the Android application I access the KeePassX
database with. It is

KeePassDroid

With KeePassDroid in the mix all of your system choices seem to be covered.


I also didn't mention that when we choose an application like that, we
investigate how well, security-wise, the author(s) thought it through.
KeePassX shone in that respect from multiple perspectives. I then joined
the support for the nomination of the KeePassX author for an award (never
knew if he won that). One of the features I remember that impressed me: it
creates the encryption key from your passphrase by hashing that about
1,000,000 times over and over again. This basically slows a brute force
attack by the same factor. At that time I estimated that if I lost, say, my
pocket device and bad guys got hold of my keepassx encrypted password
database, they will need about a month to crack that if they have at their
disposal the whole combined computing power of my University. So, I have
plenty of time to change all passwords if that happens.

This is why we stay with the tools we chose for a long, long time: it takes
significant effort to select the great ones. It is almost the same costly
effort as hiring a new employee.

Just my $0.02

Valeri


>
> Suggestions greatly appreciated!
>
> Thanks.
>
> --
> //Sorin


++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++
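
The key stretching described in the message above, as an added example that is not part of the original post and is not KeePassX code: PBKDF2-HMAC-SHA256 from the Python standard library stands in for KeePassX's own key transformation, and the salt, passphrase keyspace and worker count are constructed assumptions. It measures the cost of one guess with and without 1,000,000 rounds and turns that into an expected search time.

```python
import hashlib
import hmac
import time

ROUNDS = 1_000_000  # iteration count quoted in the message above


def derive_key(passphrase: str, salt: bytes, rounds: int) -> bytes:
    """Stretch a passphrase into a 32-byte key using `rounds` iterations."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, rounds, dklen=32)


def verify(passphrase: str, salt: bytes, rounds: int, stored: bytes) -> bool:
    """Re-derive the key and compare in constant time."""
    return hmac.compare_digest(derive_key(passphrase, salt, rounds), stored)


def seconds_per_guess(salt: bytes, rounds: int, samples: int = 3) -> float:
    """Measure what one passphrase guess costs on this machine."""
    start = time.perf_counter()
    for i in range(samples):
        derive_key(f"guess-{i}", salt, rounds)
    return (time.perf_counter() - start) / samples


def expected_search_seconds(keyspace: int, per_guess: float, workers: int = 1) -> float:
    """Average search time: half the keyspace, spread evenly over workers."""
    return (keyspace / 2) * per_guess / workers


if __name__ == "__main__":
    salt = bytes(range(16))   # constructed salt; a real database stores a random one
    keyspace = 7776 ** 3      # assumption: three words from a 7776-word list
    workers = 10_000          # assumption: cores available to the attacker
    fast = seconds_per_guess(salt, 1, samples=2000)
    slow = seconds_per_guess(salt, ROUNDS)
    print(f"1 round: {fast:.2e} s/guess, {ROUNDS:,} rounds: {slow:.2f} s/guess")
    print(f"slowdown factor: {slow / fast:,.0f}")
    for label, cost in (("1 round", fast), (f"{ROUNDS:,} rounds", slow)):
        days = expected_search_seconds(keyspace, cost, workers) / 86400
        print(f"{label}: about {days:,.2f} days on {workers:,} workers")
```

The measured slowdown is usually somewhat below the round count because a single-round call is dominated by fixed per-call overhead.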