-----Original Message-----
From: CentOS [mailto:centos-bounces at centos.org] On Behalf Of FHDATA
Sent: 18 September 2017 18:10
To: CentOS mailing list <centos at centos.org>
Subject: Re: [CentOS] KeePassX replacement

On Mon, 18 Sep 2017, Valeri Galtsev wrote:

>> You may have reasons to prefer KeePassX over KeePass 2, though.
>
> I for one use keepassx. My password database is synchronized between
> variety of systems, and I can view/edit it on: CentOS, FreeBSD, MS
> Windows, Android (and should be able on any derivatives of those). I
> didn't try iOS as currently I don't have a need in that.
>
> Incidentally, does anybody know if there is any necessity in keepassx to
> be patched? Did I read the original post correctly: there is no activity
> on the development site for long time? Should there be any? (As, I would
> say for comparison: cvs is so established software that there is no
> development to expect, only if there are any security holes found those
> need to be patched). Any insight on KeePassX anybody?
>
> Valeri

hello

using keepassx probably for 10 years or so across linux,win,mac,ios

in late 2015 there was a security issue found and folks @ keepassx.org
patched it fairly quickly and patch propagated
up to epel quickly as well ...

passwd manager {non-cloud ones} , in my opinion,
is a "static" concept ...
unless no issues with the underlying frameworks,
what's there to patch ...

---------------------------------------------------------------------

OT-sidetrack:

What is/are a good cloud-less password manager if I'd need it in a
cross-platform scenario; Windows, CentOS, Ubuntu and Android?

A cloud enabled manager would be okay I guess if I could move the password
database to say my own private cloud and be able to access it from there
from all platforms.

KeepassX seemed like a good choice until I found out it didn't do Android.

Suggestions greatly appreciated!

Thanks.

--
//Sorin

> On 19.09.2017 at 11:18, Sorin Srbu <sorin.srbu at orgfarm.uu.se> wrote:
>
> Suggestions greatly appreciated!

https://www.passwordstore.org/

--
LF

-----Original Message-----
From: CentOS [mailto:centos-bounces at centos.org] On Behalf Of Leon Fauster
Sent: 19 September 2017 13:44
To: CentOS mailing list <centos at centos.org>
Subject: Re: [CentOS] KeePassX replacement

> On 19.09.2017 at 11:18, Sorin Srbu <sorin.srbu at orgfarm.uu.se> wrote:
>
> Suggestions greatly appreciated!

https://www.passwordstore.org/

--
LF

-----------------------------------------------------

Thanks!

Is Passwordstore a de facto standard with many of you on this list?

--
//Sorin

On Tue, September 19, 2017 4:18 am, Sorin Srbu wrote:
> -----Original Message-----
> From: CentOS [mailto:centos-bounces at centos.org] On Behalf Of FHDATA
> Sent: 18 September 2017 18:10
> To: CentOS mailing list <centos at centos.org>
> Subject: Re: [CentOS] KeePassX replacement
>
> On Mon, 18 Sep 2017, Valeri Galtsev wrote:
>
>>> You may have reasons to prefer KeePassX over KeePass 2, though.
>>
>> I for one use keepassx. My password database is synchronized between
>> variety of systems, and I can view/edit it on: CentOS, FreeBSD, MS
>> Windows, Android (and should be able on any derivatives of those). I
>> didn't try iOS as currently I don't have a need in that.
>>
>> Incidentally, does anybody know if there is any necessity in keepassx to
>> be patched? Did I read the original post correctly: there is no activity
>> on the development site for long time? Should there be any? (As, I would
>> say for comparison: cvs is so established software that there is no
>> development to expect, only if there are any security holes found those
>> need to be patched). Any insight on KeePassX anybody?
>>
>> Valeri
>
> hello
>
> using keepassx probably for 10 years or so across linux,win,mac,ios
>
> in late 2015 there was a security issue found and folks @ keepassx.org
> patched it fairly quickly and patch propagated
> up to epel quickly as well ...
>
> passwd manager {non-cloud ones} , in my opinion,
> is a "static" concept ...
> unless no issues with the underlying frameworks,
> what's there to patch ...
>
> ---------------------------------------------------------------------
>
> OT-sidetrack:
>
> What is/are a good cloud-less password manager if I'd need it in a
> cross-platform scenario; Windows, CentOS, Ubuntu and Android?
>
> A cloud enabled manager would be okay I guess if I could move the password
> database to say my own private cloud and be able to access it from there
> from all platforms.
>
> KeepassX seemed like a good choice until I found out it didn't do Android.

When I mentioned I use KeePassX on FreeBSD, Linux, Windows and Android, I
failed to mention the name of Android application I access KeePassX
database with. It is

KeePassDroid

With KeePassDroid in the mix all of your system choices seem to be covered.

I also didn't mention that when we choose application like that we
investigate how well security wise the author(s) thought it through.
KeePassX shined in that respect from multiple perspectives. I joined then
the support for nomination of KeePassX author for award (never knew if he
won that). One of the features I remember that impressed me: it creates
encryption key from your passphrase by hashing that about 1,000,000 times
over and over again. This basically slows brute force attack by the same
factor. That time I estimated that if I lost, say, my pocket device and bad
guys got hold of my keepassx encrypted password database, they will need
about a month to crack that if they have at their disposal whole composed
computing power of my University. So, I have plenty of time to change all
passwords if that happens.

This is why we stay with the tools we chose for long-long time: it takes
significant effort to select the great ones. It is almost same costly
effort as hiring new employee.

Just my $0.02

Valeri

>
> Suggestions greatly appreciated!
>
> Thanks.
>
> --
> //Sorin
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> https://lists.centos.org/mailman/listinfo/centos
>

++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++

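
The key stretching described in the message above, as an added example that is not part of the original post and is not KeePassX's code. It uses iterated salted SHA-256 as a simplified stand-in for the real key transformation; the 40-bit passphrase strength and the attacker rate of 1e12 hashes per second are assumed figures, and the function names are hypothetical.

```python
import hashlib
import time

def stretch_key(passphrase: str, salt: bytes, rounds: int) -> bytes:
    """Derive a 32-byte key by re-hashing `rounds` times.

    Simplified stand-in for the idea in the message; KeePassX's real
    key transformation is not reproduced here.
    """
    digest = hashlib.sha256(salt + passphrase.encode("utf-8")).digest()
    for _ in range(rounds):
        digest = hashlib.sha256(salt + digest).digest()
    return digest

def calibrate_rounds(target_seconds: float, sample_rounds: int = 20_000) -> int:
    """Pick a round count that costs about `target_seconds` per unlock here."""
    start = time.perf_counter()
    stretch_key("calibration", b"\x00" * 16, sample_rounds)
    elapsed = max(time.perf_counter() - start, 1e-9)
    return max(1, int(sample_rounds * target_seconds / elapsed))

def days_to_exhaust(entropy_bits: float, rounds: int,
                    hashes_per_second: float) -> float:
    """Worst-case days to try every passphrase of the given entropy.

    Each guess costs rounds + 1 hash calls, so the time available to
    rotate passwords grows linearly with the round count.
    """
    guesses = 2.0 ** entropy_bits
    return guesses * (rounds + 1) / hashes_per_second / 86_400

if __name__ == "__main__":
    salt = bytes(range(16))  # constructed sample salt
    key = stretch_key("correct horse battery staple", salt, 100_000)
    print("derived key:", key.hex())
    print("rounds for ~0.5 s unlock here:", calibrate_rounds(0.5))
    # Assumed figures: 40-bit passphrase, 1e12 hashes/s on the other side.
    for rounds in (0, 1_000, 1_000_000):
        days = days_to_exhaust(40, rounds, 1e12)
        print(f"{rounds:>9} rounds -> {days:.6f} days")
```

The round count only multiplies the cost of each guess; the passphrase's own entropy still sets the number of guesses, so a weak passphrase stays weak at any round count.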
-----Original Message-----
From: CentOS [mailto:centos-bounces at centos.org] On Behalf Of Valeri Galtsev
Sent: 19 September 2017 17:16
To: CentOS mailing list <centos at centos.org>
Subject: Re: [CentOS] KeePassX replacement

> OT-sidetrack:
>
> What is/are a good cloud-less password manager if I'd need it in a
> cross-platform scenario; Windows, CentOS, Ubuntu and Android?
>
> A cloud enabled manager would be okay I guess if I could move the password
> database to say my own private cloud and be able to access it from there
> from all platforms.
>
> KeepassX seemed like a good choice until I found out it didn't do Android.

When I mentioned I use KeePassX on FreeBSD, Linux, Windows and Android, I
failed to mention the name of Android application I access KeePassX
database with. It is

KeePassDroid

With KeePassDroid in the mix all of your system choices seem to be covered.

I also didn't mention that when we choose application like that we
investigate how well security wise the author(s) thought it through.
KeePassX shined in that respect from multiple perspectives. I joined then
the support for nomination of KeePassX author for award (never knew if he
won that). One of the features I remember that impressed me: it creates
encryption key from your passphrase by hashing that about 1,000,000 times
over and over again. This basically slows brute force attack by the same
factor. That time I estimated that if I lost, say, my pocket device and bad
guys got hold of my keepassx encrypted password database, they will need
about a month to crack that if they have at their disposal whole composed
computing power of my University. So, I have plenty of time to change all
passwords if that happens.

This is why we stay with the tools we chose for long-long time: it takes
significant effort to select the great ones. It is almost same costly
effort as hiring new employee.

Just my $0.02

Valeri

----------------------------------

Thanks Valeri!

I've until now stayed away from password managers, so I can't really tell
which ones are "okay" to use from a security point. Googling for "best
secure password manager list" gives everybody and their dog's opinions.
Suggestions from users on this list rank higher in my book. ;-)

Now, this KeePassDroid though. Is it trustable? As they say, no chain is
stronger than the weakest link.

--
//Sorin

On 09/19/2017 05:18 AM, Sorin Srbu wrote:
> -----Original Message-----
> From: CentOS [mailto:centos-bounces at centos.org] On Behalf Of FHDATA
> Sent: 18 September 2017 18:10
> To: CentOS mailing list <centos at centos.org>
> Subject: Re: [CentOS] KeePassX replacement
>
> On Mon, 18 Sep 2017, Valeri Galtsev wrote:
>
>>> You may have reasons to prefer KeePassX over KeePass 2, though.
>> I for one use keepassx. My password database is synchronized between
>> variety of systems, and I can view/edit it on: CentOS, FreeBSD, MS
>> Windows, Android (and should be able on any derivatives of those). I
>> didn't try iOS as currently I don't have a need in that.
>>
>> Incidentally, does anybody know if there is any necessity in keepassx to
>> be patched? Did I read the original post correctly: there is no activity
>> on the development site for long time? Should there be any? (As, I would
>> say for comparison: cvs is so established software that there is no
>> development to expect, only if there are any security holes found those
>> need to be patched). Any insight on KeePassX anybody?
>>
>> Valeri
> hello
>
> using keepassx probably for 10 years or so across linux,win,mac,ios
>
> in late 2015 there was a security issue found and folks @ keepassx.org
> patched it fairly quickly and patch propagated
> up to epel quickly as well ...
>
> passwd manager {non-cloud ones} , in my opinion,
> is a "static" concept ...
> unless no issues with the underlying frameworks,
> what's there to patch ...
>
> ---------------------------------------------------------------------
>
> OT-sidetrack:
>
> What is/are a good cloud-less password manager if I'd need it in a
> cross-platform scenario; Windows, CentOS, Ubuntu and Android?
>
> A cloud enabled manager would be okay I guess if I could move the password
> database to say my own private cloud and be able to access it from there
> from all platforms.
>
> KeepassX seemed like a good choice until I found out it didn't do Android.
>
> Suggestions greatly appreciated!
>
> Thanks.
>
> --
> //Sorin
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> https://lists.centos.org/mailman/listinfo/centos

I have installed keepass2android on my phones which should be able to use
the same database but have not tried it to see how to actually use a
password manager on a touchscreen device... Apparently there are also
concerns about apps having "unlimited" access to the clipboard so one
should use the keepass2android keyboard. Sounds like a hassle...

> -----Original Message-----
> From: CentOS [mailto:centos-bounces at centos.org] On Behalf Of H
> Sent: 21 September 2017 00:35
> To: centos at centos.org
> Subject: Re: [CentOS] KeePassX replacement
>
> I have installed keepass2android on my phones which should be able to use
> the same database but have not tried it to see how to actually use a
> password manager on a touchscreen device... Apparently there are also
> concerns about apps having "unlimited" access to the clipboard so one
> should use the keepass2android keyboard. Sounds like a hassle...

Incidentally a colleague suggested LastPass. He however uses it with a
YUBI-dongle though.

Installed Google's Authenticator on my Android phone to test stuff, which is
"sort of" a similar take as the dongle.

Do any of you also use a Yubi-dongle for securing stuff like this? I feel it
seems like a hassle with another gadget to keep track of.

--
//Sorin