Encrypted password storage. Any of you use it? Things like PasswordSafe.
If so, why? If not, why not?
>>59140213
I use KeePass. You should use a password manager, but not cloud solutions like LastPass. Using things like that is just asking to be buttfucked.
>>59140213
keepass. it's popular, it works, and its had a code audit.
>Open text file
>write account and password info
>save file
>close file
>encrypt file with gpg
>>59140250
Yep, can't understand why someone would upload all their passwords to a cloud storage.
Looks like the differences between the different managers is mostly just the interface, no?
>>59140269
>maybe i have a little more self respect
>>59140213
Yes and I rolled my own
Why:
>Because I do not trust antivirus which I sometimes run only to make sure that my windows crack hasn't deposited a surprise on my comp.
>>59140284
Interface and of course file format.
>>59140213
Just use pass. Simple, secure, free and open source, easy-to-use, no cloud bullshit.
Every other local password manager is just a bloated, proprietary and not-as-well audited implementation of pass.
>>59140340
>>59140284
>>59140250
You're retarded.
>>59140302
>maybe i have a little more self respect
What's wrong with GPG?
>>59140440
Nothing, but programs developed to manage passwords are more convenient than a folder of encrypted notepad documents.
>>59140284
what do i do if i have multiple computers? i.e. desktop and laptop?
>>59140544
Save a copy of the password database on one of these, along with the program to run it.
Less convenient, but I feel it's worth the reduced possibility of unwanted access.
>>59140577
>corrupt filesystem/stick
whoops
dumbfuck
>>59140609
>save a backup
>>59140619
What if you added another password?
>>59140517
how about only having a single textfile
>>59140661
Then you'll need to update one of them. Like I said, less convenient, but presumably you won't be making new passwords /that/ often.
>not writing down your passwords in your diary
>not using the same password everywhere so you dont have to use unsafe password managers
enjoy your botnet sheeple
What is the best, most secure implementation of KeePass ? Should I use u2f ?
>>59140693
or you could upload your password database to something like github and then just sync changes across platforms.
it's not like your password db should be stored in some unencrypted form or anything.
>>59140517
or you know, you could use scripts to manage them.
>>59141102
I wouldn't do that. If you're retarded enough to have it in a public repo (I'm assuming because you're only allowed public repos unless you pay), you might get rekt if there's a vulnerability discovered.
Even if it's a private repo, it's a bad idea.
>>59141121
I'm so sure there is going to be a vulnerability in RSA 4096B in the coming years.
get real.
OpenSSL> aes-256-cbc -a -salt -in passwords.txt -out passwords.txt.aes
enter aes-256-cbc encryption password: ************
verifying - enter aes-256-cbc encryption password: ************
shred -vzn38 passwords.txt
OpenSSL> aes-256-cbc -d -salt -in passwords.txt.aes -out passwords.txt
enter aes-256-cbc decryption password: ************
>>59140544
I store the database in a owncloud instance I have on a server. Password protected with an offline key file.
>>59140423
Explain
>>59141769
welp. atleast i have an actual purpose for my raspberry pi now.