[conspire] Fwd: Conspire Hey!

Rick Moen rick at linuxmafia.com
Thu Nov 15 15:03:11 PST 2012

Quoting Ehud Kaldor (ehud.kaldor at gmail.com):

> I use Keepass, which is the same - an OSS password database and generator.


Workstation-based.  As mentioned, this is vulnerable to attack modes to
which an offline-based (e.g., PDA) datastore is not, e.g., if your
workstation is compromised then so is all access to your key datastore.

Requires .Net (on Win32) or Mono (on Linux/BSD).  So, it's overfeatured
bloatware, which is exactly what you do _not_ want in any
security-sensitive software.  OTOH, even a slightly dodgy datastore is
probably better than reusing passwords and using weak passwords because
you cannot remember many.  

(I'm guessing you are using this as primarily an MS-Windows solution, so
something being dodgy and overfeatured is not much of a disqualifier in
that context.)

> Heard good things about Lastpass, but never used it.


Also workstation-based.  Which please see.  It's basically a Web-browser
plug-in, thus specialised for that function only.  Proprietary,

Actually, ugh!  It's also back-ended into Internet-based 'cloud' storage
operated by LastPass, Inc.  And they've already had some security

(Like Claude Rains, I am shocked!  Shocked!  to hear that.)

More information about the conspire mailing list