Keepass with mono vs keepassxc

11/9/2023

And automated updates of the tool could also be undermined. Also, there is always a slight risk that Windows executables break after an update or so (update of the tool, or of wine). However, I am not sure if all security guarantees can be transferred to this approach, and it adds attack vectors. So, you could install wine on Fedora and use KeePass within that. The developers state that it should work within wine (wine is in Fedora’s repo). See the download section: Downloads - KeePass

There is theory, and then there is reality. This is a Windows-only tool, not intended to natively run on Linux. This just does not happen.

Again, if I missed something, please provide a link to a news report. Just to get into Joe Blow's KeePass database. The sort of vulnerabilities the most powerful spying agencies of the world keep to themselves, because they are worth so much. Who's going to buy expensive graphics cards, expensive electricity and spend weeks to break a single KeePass database (then possibly failing), just to get into a very ordinary Gmail account? While it's so easy to access thousands of them through other means?

Alternatively, the hypothetical hacker would need to exploit a vulnerability in KeePassXC. Therefore, it's a sure bet they have a unique, reasonably strong password. Most people using password managers are aware of proper password rules (otherwise, they would not bother to use one). A KeePass database, by default, is present only on its user's computer. Or, indeed, into any password database.

Because that would require, first, finding such databases. It's just not worth it for hackers trying to farm identifiers by the millions to try and break into a KeePass database. That's how identifiers are stolen in real life (as opposed to theoretical scenarios you read about on privacy forums).
Help forums are full of requests saying: my email account was hacked (because I reuse the same password everywhere, I have a lousy password or I fell prey to phishing), what can I do? On the other hand, the media is full of reports saying: site X and Y have been hacked wholesale, and the hacker got away with all the identifiers. Did you? Has anyone reading this thread come across such a person? How many times did you read an assistance request from a user who got his KeePass database hacked? I never did. How many times did you read a news report of this happening through the hack of a KeePass database? Never. Every day, anyone lurking on tech forums can bump into people asking for assistance because "their identities were stolen". How are they stolen? Not by breaking into KeePass databases.

Every day, as you say, there are news reports about "identities of regular people being stolen". Has KeePassXC ever been successfully hacked, because of some vulnerability? Not to my knowledge. However, who are you? Do you hold Putin's nuclear suitcase, or something? Unless your passwords are that important, you don't need to bother with such extreme checks. The programmers are different, and they can do as they please (provided they keep database compatibility, which is a given).

Trust in KeePass does not automatically imply trust in KeePassXC. If new code is added, new vulnerabilities can be introduced. An audit is valid only for a “snapshot” of the code. Some flaws can be overlooked even by the best auditors. An audit is not a 100% proof that a software is safe and secure.

Maybe you can beg OSTIF or OTF for funding a KeePassXC audit. We receive some donations, but those are not enough to finance an audit. There is no company or business behind KeePassXC and we have other expenses. Having a third-party security audit comes with a considerable price and at the moment, KeePassXC is a purely community-driven project.
Has KeePassXC ever had an external security audit? Why not?