I use keepass with Key and Master password combination. I store the
password database on the dropbox/SFTP and carry my key with myself on
my cell phone, laptop etc. and then the master password is in my mind :)
. So with this , even if my password database gets compromised or
dropbox gets hacked, My password database is still encrypted and the
keys/password is not with the password database file.
Amit K Nepal
(CISSP, RHCE, CCENT, C|EH, C|HFI, GIAC ISO 27000 Specialist)
On 7/28/2016 1:25 AM, Joseph Sinclair wrote:
I do use Lastpass, fortunately I do not use the Firefox client affected by the
latest issue, which has already been patched (One thing Lastpass has done well
is security response and patching).
I don't store everything there, but I do store some things there for various
reasons (mostly needing to use them on idiotic sites that actively block
copy/paste).
I store absolutely everything in encrypted databases (multiple small files for
performance and separation) (not keepass, mono is too much of a pig to run on
my desktops).
The encrypted files (never decrypted to anything but RAM, and that's overwritten with 0's
in the program as quickly as possible) are stored in a DVCS (e.g. git, mercurial, DARCS,
Bazaar, etc...) that I sync via it's normal repo synchronization. I gain the advantage
of "oops" recovery as well with the version history.
The repo is NEVER online, however, just filesystem-to-filesystem "remote" sync.
Nothing's perfect, but the amount of work needed to get past the encryption
should vastly exceed the rather low value of what's stored there (in my case).
On 07/27/2016 03:34 PM, Stephen Partington wrote:
I know several of you here are using keepass. of those users who is working
with the various browser integrations and the various android apps. and the
usual or unusual means of keeping the db across multiple locations.
I have been wondering about keepass and its use for some time, but now with
the recent security hold found in Lastpass i am taking a second look at it.
https://nakedsecurity.sophos.com/2016/07/27/lastpass-password-manager-zero-day-bug-hits-the-news/
PS i know this is not a real 0 day bug, so does the author. not sure why
he decided to do that sort of weird headline.
---------------------------------------------------
PLUG-discuss mailing list - [email protected]
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss
---------------------------------------------------
PLUG-discuss mailing list - [email protected]
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss
---------------------------------------------------
PLUG-discuss mailing list - [email protected]
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss
