On Tue, September 19, 2017 4:18 am, Sorin Srbu wrote:
> -----Original Message-----
> From: CentOS [mailto:centos-bounces@xxxxxxxxxx] On Behalf Of FHDATA
> Sent: den 18 september 2017 18:10
> To: CentOS mailing list <centos@xxxxxxxxxx>
> Subject: Re: KeePassX replacement
>
> On Mon, 18 Sep 2017, Valeri Galtsev wrote:
>
>>> You may have reasons to prefer KeePassX over KeePass 2, though.
>>
>> I for one use keepassx. My password database is synchronized between
>> variety of systems, and I can view/edit it on: CentOS, FreeBSD, MS
>> Windows, Android (and should be able on any derivatives of those). I
>> didn't try iOS as currently I don't have a need in that.
>>
>> Incidentally, does anybody know if there is any necessity in keepassx to
>> be patched? Did I read the original post correctly: there is no activity
>> on the development site for long time? Should there be any? (As, I would
>> say for comparison: cvs is so established software that there is no
>> development to expect, only if there are any security holes found those
>> need to be patched). Any insight on KeePassX anybody?
>>
>> Valeri
>
> hello
>
> using keepassx probably for 10 years or so across linux,win,mac,ios
>
> in late 2015 there was a security issue found and folks @ keepassx.org
> patched it fairly quickly and patch propagated
> up to epel quickly as well ...
>
> passwd manager {non-cloud ones} , in my opinion,
> is a "static" concept ...
> unless no issues with the underlying frameworks,
> what's there to patch ...
>
> ---------------------------------------------------------------------
>
> OT-sidetrack:
>
> What is/are a good cloud-less password manager if I'd need it in a
> cross-platform scenario; Windows, CentOS, Ubuntu and Android?
>
> A cloud enabled manager would be okay I guess if I could move the password
> database to say my own private cloud and be able to access it from there
> from all platforms.
>
> KeepassX seemed like a good choice until I found out it didn't do Android.
When I mentioned I use KeePassX on FreeBSD, Linux, Windows and Android, I
failed to mention the name of Android application I access KeePassX
database with. It is
KeePassDroid
With KeePassDroid in the mix all of your system choices seem to be covered.
I also didn't mention that when we choose application like that we
investigate how well security wise the author(s) thought it through.
KeePassX shined in that respect from multiple prospectives. I joined then
the support for nomination of KeeePassX author for award (never new if he
won that). One of the features I remember that impressed me: it creates
encryption key from your passphrase by hashing that about 1,000,000 times
over and over again. This basically slows brute force attack by the same
factor. That time I estimated that if I lost, say, my pocket device and
bad guys got hold of my keepassx encrypted password database, they will
need about a Month to crack that if they have at their disposal whole
composed computing power of my University. So, I have plenty of time to
change all passwords if that happens.
This if why we stay with the tools we chose for long-long time: it takes
significant effort to select the great ones. It is almost same costly
effort as hiring new employee.
Just my $0.02
Valeri
>
> Suggestions greatly appreciated!
>
> Thanks.
>
> --
> //Sorin
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> https://lists.centos.org/mailman/listinfo/centos
>
++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
