09-22-2017, 04:22 PM
I am reading the manual on using KeePassX, which I have installed through LL.
I would like to use it but the following article gives me pause to reconsider before I place all my logins in it.
I know the article refers to KeePass, and that that is not the same as KeePassX, but presumably the same organization.
https://lifehacker.com/keepass-vulnerabi...1781486764
There is a link https://bogner.sh/2016/03/mitm-attack-ag...ate-check/ in the article to a discussion on potential MITM etc. attacks. The gist is to check update downloads manually, but in the case of LL the updates are done by LL, so hopefully they're all via https?
I tend to trust Electronic Frontier Foundation recommendations, and LL, but the fact that KeePass were using http for updates not so long ago makes me a bit wary.
But maybe all this has been addressed?
I'm fairly new to Linux, so not well versed in the tech side of all this.
SN. I hope my reply has been useful - click Thank on the left.