[conspire] Fwd: Conspire Hey!
Rick Moen
rick at linuxmafia.com
Thu Nov 15 15:03:11 PST 2012
Quoting Ehud Kaldor (ehud.kaldor at gmail.com):
> I use Keepass, which is the same - an OSS password database and generator.
Notes:
Workstation-based. As mentioned, this is vulnerable to attack modes to
which an offline-based (e.g., PDA) datastore is not, e.g., if your
workstation is compromised then so is all access to your key datastore.
Requires .Net (on Win32) or Mono (on Linux/BSD). So, it's overfeatured
bloatware, which is exactly what you do _not_ want in any
security-sensitive software. OTOH, even a slightly dodgy datastore is
probably better than reusing passwords and using weak passwords because
you cannot remember many.
(I'm guessing you are using this as primarily an MS-Windows solution, so
something being dodgy and overfeatured is not much of a disqualifier in
that context.)
> Heard good things about Lastpass, but never used it.
Notes:
Also workstation-based. Which please see. It's basically a Web-browser
plug-in, thus specialised for that function only. Proprietary,
binary-only.
Actually, ugh! It's also back-ended into Internet-based 'cloud' storage
operated by LastPass, Inc. And they've already had some security
breaches.
(Like Claude Rains, I am shocked! Shocked! to hear that.)
More information about the conspire
mailing list