>Keepass Open source wins again guys, r-right?

You are currently reading a thread in /g/ - Technology

Thread replies: 121
Thread images: 16
File: chrome_2016-06-06_18-24-35.png (335 KB, 782x681)
>Keepass
Open source wins again guys, r-right?
>>
Heil
>>
Dark times ahead with Free (TM) model of business.
>>
>>54944173
>saving passwords digitally
a lesson learned i presume
>>
The desktop version or one of the many apps?
>>
>>54944242
The problem is with the website using http instead of https, which allows a mitm attack.

The workaround is to not be retarded enough to download keepass while using an unknown network. Disabling update checks also deals with the issue.
>>
just get KeePassX from your distro's repos, problem solved
>>
>>54944284

So a non-issue for anyone knowing what he's doing.
>>
>>54944173
You get what you pay for.
>>
>>54944319
Yes, it's pretty much a non-issue for anyone who would bother to use keepass in the first place.
>>
Why the fuck would you need a password manager when two step authentication exists?
>>
>>54944213
Yea should record them analog.
>>
>>54944242
>The desktop version or one of the many apps?

the autoupdate feature connects over http allowing someone with access to your network or connection to keepass (say, isp, either on your end or the keepass servers provider end, or something) to MITM the update

if you download from sourceforge(https) and update manually you shouldn't have a problem

the apps may not be affected because they'll update through the play store or apple's equivalent

>>54944397
>Why the fuck would you need a password manager when two step authentication exists?

because two step authentication doesn't prevent against websites being hacked leaking your passwords
>>
>>54944173
That's why I'm using my own python+tk password manager. I fully understand the code.
>>
File: kaiokek.jpg (33 KB, 292x257)
>he saved his passwords in THE CLOUD
>>
>>54944653
that's just it, keepass is a local password manager.

it's just the update function and their site is using http.

not problems if you are using a package manager like any decent human being should.
>>
>>54944599
>the autoupdate feature connects over http
There is no automated updating on keepass. You always have to manually download and run the installer. Keepass only tells you that there is an update and sends you to the website if you choose to.

The only thing keepass has is an automated update check, but it does nothing on its own.
>>
>>54944517
laughed loud d;
>>
File: password_strength.png (91 KB, 740x601)
>>54944173
Never understood the need for managers.
Have a throw away for shit you're never going to use again(forums for one time answers,websites that require X likes or X comments, etc)

Then have your actual passwords
BU BU BU BU BUT ITS HURD TO UNNASAN DIM PAATURDZ.
It really isn't, if you're going to use the website constantly or be part of the community, remembering passwords is not difficult

http://correcthorsebatterystaple.net/
>>
>>54944517
I have a password book which I use for individual websites and websites are written twice, at the beginning row to row it says on which page I wrote the website (basically an index) and on the page with the website I write everything that was related to that website registration. Password, security questions, fake birthday if any, recovery e-mail (have 4 e-mails) etc. etc. I feel this is much safer as having something stolen digitally is typically out of your means to protect all the time but a responsibility given to the program operator, similar to how LastPass was hacked, you can't entrust yourself with the security of your passwords all that well. Meanwhile my book has a regular (fake) book cover in my bookshelf and I access it whenever I need access to some high value accounts with unique passwords. Otherwise low value accounts (like accounts made "just to be" or to check something out) are made with a shared password I could not possibly care less about being hacked, so I don't need to index every single website in the world I have registered into.
>>
We said KeePassX, not KeePass. The distinction is important.
>>
>>54944855
>not using a book cipher
>>
>>54944823
Try remembering 30 different passwords
>>
>>54944823
Duuuude I have like 100 online accounts for job boards and shit. The amount of things you have to register for now is astounding.

KeePass is a godsend for this.
>>
>>54944883
Associate a 4-6 letter acronym to that website
Do you have problems remembering 7+ digit phone numbers, or 3+ numbers + 3+ letters in your address?
Can you not remember shitposting acronyms?
Can you not remember cpu acronyms?

Checkmate.

>30
I highly doubt you frequent 30 websites, let alone all of them needing a password
>>
>>54944925
>register for
Such as?
I doubt you maintain 90% of those
>>
>>54944940
Well my KeePassX database has 30 sites in it.
>>
>>54944963
And how many do you frequent daily?
>>
>>54944173
That's why you use KeePassX instead.
>>
ITT: Single point of failure.
>>
>keep a little piece of paper with passwords in wallet and lighter in pocket
>if get in trouble burn paper

wheres the problem faggots
>>
>>54944953
>indeed
>reed
>monster
>totaljobs etc.

Not to mention individual company websites, smaller obscure job boards, various agencies.

Let's throw in all the various shopping websites, gaming service accounts, video streaming services, email accounts, cloud storage, shit like Adobe Cloud and other various botnets that require registration etc. you can very easily end up with a hundred different logins to remember.
>>
>>54944599
>because two step authentication doesn't prevent against websites being hacked leaking your passwords

And you think a password manager would prevent a site being hacked?
>>
>>54944173
https://en.wikipedia.org/wiki/Gator_E-wallet
>>
>__________ developer overlooks security hole to preserve ads

Ad lib that can accurately describe <90% of internet security problems.
>>
>>54944397
Not everything uses that, and I personally don't want to rely on a cellphone.
>>
>>54945019
Try burn a paper when seven well hung dudes are fucking you in every sexual hole you have. See if you can.
>>
>>54945566
I'd love to try to
>>
>>54944940
I guess you're right. If I can remember a ten digit number then I can remember q_EV;SG>:E9zK#KQU1;?F%CXo^Z,xL}p74_0Yf,2JhQ&)m8rqcmV*OgXh&Tg3IvC{(Ey}AQkIs:fhbxxd9UM!DwJv]30l0EZj>\.iPh3JZ83!72GI/e,B0F9<KAe+:%?MFUU*@/2pjV]F/7\XoW+DovjY9oK0Ut{{}vU2?YGehkxgt/F7V3+L0W.AMv!sD1&eLo6t}}y?Zx#<vu1Sz[p1Ln#kkqeNG+4%aZ\P0\Lawz>tvv{wk$N8:1H#tM1ClUs{i<D8T@l]#f+\cYv}CKwhN%)*e}v:vpFf_>qEV1im6>lkSi/*TuQs!o@G$.8!n[&/K.p>yxg6r<sL#qh7mX2}+eh2$seS(_34*Ha*^*].!iwEy3NmbRaPW);nc,^_Ij:dQ;_7BChoK35KVUX9y0\WuTL/22(+A![$5C}&]WWoa$A8mj&mwI(snhrE9adLC<cJi]eZMCPzscWg{rsjZ#2{)vet.iGn#IWM0CxY:}\_R8:EOj1zN5}8PU3ME)Z>3kG

I mean remembering 20 512 character random strings is trivial.
>>
>>54944319
Right, but the fact that the dev thinks it's okay would make me trust the app far less.
>>
>>54944302
This.
>>
Just remember your passwords, retards
>needing a password manager
>not using the same password for every site with a slight variation
Kill yourselves.
>>
NIH syndrome is hitting me hard. I'm rather tempted to write my own, very simple, password manager.
>>
>>54944302
Windows doesn't have this though.
>>
I use Keepassx.
>>
>>54945785
He thinks it's okay because he trusts that the users aren't retards.
>>
>>54944653
>shopping OVER THE INTERNET
its like you morons dont know things can be encrypted.
>>
>>54946271
>$CURRENT_YEAR
>OS with no package manager
>>
File: 16-Mar-2013-1739 237.020MHz.jpg (202 KB, 988x808)
>>54944173
>r-right?
yes. The application can be forked. This is not the case with nonfree software.
Regardless, your package manager should be ensuring your applications are not tampered with in transit.

>>54944940
I'll take WORD MANGLING for $400, Alex
>>
>>54944173
>the only reason this was discovered is because it was open source
if it wasn't open source, like coldfusion, it'd have security bugs for root access for the past 7 years, like coldfusion does.
>>
>>54946271
>using windows
>>
File: P6UxxVE.jpg (537 KB, 2355x2131)
>>54948559
no, the traffic was inspected and intercepted

https://bogner.sh/2016/03/mitm-attack-against-keepass-2s-update-check/
>>
File: scrot.png (84 KB, 563x581)
>>54944173
>Automatic Update Vulnerability

>There have been some articles about automatic KeePass updates being vulnerable. This section clarifies the situation and its resolution.

>[...]

>Resolution. In order to prevent a man in the middle from making KeePass display incorrect version information (even though this does not imply a successful attack, see above), the version information file is now digitally signed (using RSA-2048 and SHA-512). KeePass 2.34 and higher only accept such a digitally signed version information file. Furthermore, the version information file is now downloaded over HTTPS.
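
The signed version check described in the quoted KeePass note, sketched with the openssl CLI as an added example (not from the thread and not KeePass's own code). The file names, the `version=` line format and the throwaway key pair are assumptions made for the demo.

```shell
#!/bin/sh
# Added example with constructed data; this is not KeePass's real file format.

# Publisher side: create a throwaway RSA-2048 key pair in directory $1.
make_keys() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1/priv.pem" 2>/dev/null
    openssl pkey -in "$1/priv.pem" -pubout -out "$1/pub.pem"
}

# Publisher side: sign version file $2 (SHA-512 digest) with the key in $1.
sign_version_file() {
    openssl dgst -sha512 -sign "$1/priv.pem" -out "$2.sig" "$2"
}

# Client side: succeed only if $2 has a valid signature from the pinned public key.
verify_version_file() {
    [ -s "$2.sig" ] || return 1     # an unsigned file is refused, never trusted
    openssl dgst -sha512 -verify "$1/pub.pem" -signature "$2.sig" "$2" \
        >/dev/null 2>&1
}

# Client side: print the advertised version only after the signature checks out.
check_update() {
    if verify_version_file "$1" "$2"; then
        sed -n 's/^version=//p' "$2"
    else
        echo "REJECTED"
        return 1
    fi
}

# Demo: the genuine file is accepted, a file changed in transit is refused.
demo_dir=$(mktemp -d)
make_keys "$demo_dir"
printf 'version=2.34\n' > "$demo_dir/version.txt"
sign_version_file "$demo_dir" "$demo_dir/version.txt"
check_update "$demo_dir" "$demo_dir/version.txt"
printf 'version=9.99\n' > "$demo_dir/version.txt"   # modified after signing
check_update "$demo_dir" "$demo_dir/version.txt" || true
rm -rf "$demo_dir"
```

The client only needs the public key, shipped with the application, so a changed version file fails verification no matter which transport delivered it.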
>>
>>54948811
http://keepass.info/help/kb/sec_issues.html#updsig
>>
>>54944173
>He can't even remember his passwords
>>
>>54948743
>tfw no libreboot thinkpad
>>
File: 1465263200775.jpg (165 KB, 707x699)
lol, so much fail. all is lost to the common man who will never know their loss.
>>
>>54944397
Because it's a fucking hassle.
>>
How come no one uses Dashlane? I just got it today and I really like it.
>>
>>54952673
>password manager
>not open source
o god burn it
>>
>>54948550
What's that picture? Some sort of satellite pass? Is it even radio?
>>
>>54944984
> not having redundancies

Nice one senpai
>>
>>54944971
And what exactly does that accomplish?
>>
File: CYYPUWMWQAEjjmw.jpg (144 KB, 1024x768)
>>54952728
baudline
It's the doppler effect, iirc
>>
Why would I use KeepAss? If my system is compromised all of my pwds will be gone.
>>
>>54945949
echo <pass> | gpg -e -o <website>.gpg
>>
>>54953956
nice bash history
>>
>>54953921
If your system is compromised then they are all gone anyway, retard.

Also Keepass encrypts your shit, and you can just backup your file. Why are retards commenting on shit they can't possibly understand?
>>
>>54947152
I sometimes work with an elderly sysadmin who speaks credit card info over POTS when ordering from tigerdirect because she doesn't fully grasp this.
>>
Password managers are too sketchy. What I do is record audio of me reading my passwords and include it in my phone's music folder with a made-up name. Nobody would think to look there.
>>
>>54944940
Are you normie? 30 isn't even a large number. I use shared password for numerous low importance forum account but still have nearly that amount of password
>>
Open Sores
>>
>>54944173
If it's open source why not just fork a version with no ads?
>>
I keep my passwords in a text file on an encrypted usb stick.

works for me.
>>
>>54959843
Open source does not equal free software, so if KeePass is proprietary then you can't do much.
>>
File: ...HAR.jpg (20 KB, 435x503)
>>54946271
>Windows
>>
>>54955550
Never heard that one before, creative.
>>
>>54944883
>>54944925
If you don't have enough brainpower to even remember all your passphrases, then how do we even allow you into the internet?
>>
>>54944940
>I highly doubt you frequent 30 websites, let alone all of them needing a password

I have 100+ passwords in Keepass.
>>
>>54954826
Why would I save them?
>>
I really would like more sites to adopt a 2-step authentication via the google authenticator app. I have it active where possible, but sites like my country's amazon still doesn't have it available, and shitty paypal only has its own security SMS system.
>>
>>54960765

http://www.howtogeek.com/212219/here%E2%80%99s-how-an-attacker-can-bypass-your-two-factor-authentication/
>>
>>54946271
>>54947692
>>54948577
>>54959916
https://chocolatey.org/packages?q=KeepassX

But it does and KeePassX is in it
>>
>>54960806
That's with a phone number you stupid nigger.
>>
>>54959910
I'm no opensourcefag but this sounds cuck tier
>>
File: 1383164637959.jpg (48 KB, 600x305)
>>54960848
>using a phone in the first place

It's like you are criminally retarded.
>>
>>54959843
There are no ads in Keepass. It's about the website not using HTTPS because ads, and that affecting update checks. Please at least partially understand the subject before posting.
>>
>>54944173
>Open source wins again guys, r-right?

OpenSSL had something like a 20 year old bug.
>>
File: nsa_inside.jpg (11 KB, 222x227)
>>54960900
>20 year old bug
>>
>>54960876
I'm not using a phone you dumb piece of shit. What don't you understand?
>>
File: 1386263283711.jpg (20 KB, 251x333)
>>54960927
>not using a phone in 2016

It's like you're a socially retarded luddite.
>>
File: TSPDw.jpg (10 KB, 354x182)
>>54960859
>I don't know what I'm reading but I'm going to comment anyway
>>
OPEN SORES FILLED WITH PUSS
>>
>>54944970
If you don't frequent the sites daily, all the more reason to use a password manager to keep track of login info for them as it'll be harder to remember without repetition.

I only need to know the passwords of my user account on the computer, the primary email and the keepassx decryption key. It contains somewhere between 100 and 200 site logins, both user names and passwords randomly generated strings, 20+ characters long for the latter. There's no reason I should have to remember all of that by myself. Why are you even on a computer if you're not going to use it to perform tasks for you?
>>
>>54944823
This is almost good: it needs to add a placeholder for the initials of the service you're making it for. Then you can re-use the same few patterns of different difficulty and only need to remember those while still having a different password for everything. That's what I do and I've never needed a password manager, yet all my 100+ passwords are unique and actually hard to crack (depending on the base pattern of course). Letting my browser remember them was merely a convenience
>>
File: 1453314324001.jpg (387 KB, 798x1000)
>>54961809
>and actually hard to crack

What's your entropy? Don't tell me your passwords are less than 30 characters.
>>
I've been using the same password with slight variation on all my online accounts since my first one on nickelodeon.com when I was like 9
>>
What's the best manager?

KeePassX?
>>
What's the problem with keeping a PGP encrypted file filled with randomly generated 32-64 characters long passwords?
>>
>>54961829
Do you have hidden volumes within hidden volumes?
>>
>>54962334

RSA is not post-quantum. All superpower gov'ts, CIA, MI-6, Mossad and FSB have quantum computers now.
>>
>>54964411
>implying they need quantum
>>
>>54964557

You don't need them to factorise an RSA key, a classical computer can do that. You only need a quantum computer if you wanna do it in less than age of the universe years.
>>
>>54964411
>cia
>m-6
>mossad

>computers

>>>/pol/.
>>
>>54964683
what :^)
>>
>>54961929
golly great now your passwords are cracked
>>
>>54964411
>CIA - FSB
>Quantum

You know its cheaper just kidnapping and beating the password out of you , right?
>>
>tfw using Last Pass

It just werks
>>
>>54964889
>don't write in a paper
Werks better.
>>
>>54944940
I have no reason to remember what I can safely and easily store and retrieve. Like phone numbers and passwords.
>>
>>54961929

And now that you're 12 maybe you should think about using password managers so your identity wont be stolen as easily

Regards, sysadmin
>>
>>54964859
Good luck finding everyone you're slightly interested in and bringing them in. That'll require a lot of manpower. With powerful server farms intelligence gathering and big data collection can be automated with algorithms to hilight interesting stuff
>>
>>54965097
Just hire the blackwater...or the mafia.
>>
>>54944173
>trusting software that literally has "ass" in its title
>>
https://www.passwordstore.org/
>>
File: 1443587831712.jpg (209 KB, 1280x1280)
>>54965793
>KeepAss
I don't see the problem here
>>
>>54944302
this

>>54946271
>using wangblow
gtfo you nig
>>
>>54944284
Keepass uses sourceforge you don't directly download from website
>>
Bruce Schneier says to use paper and pen. I trust him more than you lot
>>
>>54944173
>Open source wins again guys, r-right?
yep, use keepassx
>>
File: thoughtful-cat.jpg (32 KB, 500x375)
Am I missing something? What ads? I've never seen ads in KeePass...