Linux Lite Forums General On Topic v
KeePassX - is updating secure?


LINUX LITE 7.2 FINAL RELEASED - SEE RELEASE ANNOUNCEMENTS SECTION FOR DETAILS


Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Threaded Mode
KeePassX - is updating secure?
Searchernow Offline

*****
Posts: 188
Threads: 32
Joined: Aug 2017
Reputation: 0
#1
09-22-2017, 04:22 PM
I am reading the manual on using KeePassX, which I have installed through LL.

I would like to use it but the following article gives me pause to re-consider before I place all my logins in it.

I know the article refers to Kee Pass, and that that is not the same as KeePassX, but presumably the same organization.
https://lifehacker.com/keepass-vulnerabi...1781486764 

There is a link  https://bogner.sh/2016/03/mitm-attack-ag...ate-check/    in the article to a discussion on potential mitm etc. attacks. The gist is to check update downloads manually, but in the case of LL the updates are done by LL, so hopefully they're all via https?

I tend to trust Electronic Frontier Foundation recommendations, and LL, but the fact that KeePass were using http for updates not so long ago makes me a bit wary.
But maybe all this has been addressed?

I'm fairly new to Linux, so not well versed in the tech side of all this.
SN.  I hope my reply has been useful - click Thank on the left.
Find
Reply
banko Offline

Posts: 154
Threads: 6
Joined: Dec 2014
Reputation: 0
#2
09-23-2017, 05:25 AM
A good question.
Find
Reply
Valtam Offline
Administrator
*******
Posts: 8,905
Threads: 545
Joined: Feb 2014
Reputation: 5
#3
09-23-2017, 06:35 AM
https://superuser.com/questions/878902/w...d-keepassx
https://wiki.archlinux.org/index.php/KeePass
Download your free copy of Linux Lite today.

Jerry Bezencon
Linux Lite Creator

It wants no straps.

[Image: X5qGkCg.png]

[Image: 0op1GNe.png] [Image: LgJ2mtP.png] [Image: vLZcFUE.png] [Image: lrUHro3.jpg]
Website Find
Reply
banko Offline

Posts: 154
Threads: 6
Joined: Dec 2014
Reputation: 0
#4
09-23-2017, 09:19 AM
Thanks boss  Big Grin
Find
Reply
ptyerman Offline

Posts: 62
Threads: 3
Joined: Oct 2015
Reputation: 0
#5
09-23-2017, 12:38 PM
I've installed KeepassXC (https://keepassxc.org/) on mine, it's great at what it does and includes a tray icon. It also uses the same database files as Windows Keepass (KeePass 2.x (.kdbx)) and can import Keepass 1 files too. I find it a lot more friendly than KeepassX. It integrates with the browser using the PassIFox plug-in and works great.
Find
Reply
Searchernow Offline

*****
Posts: 188
Threads: 32
Joined: Aug 2017
Reputation: 0
#6
09-24-2017, 04:42 PM
Thanks Jerry,

I can see now it's a different app.

I will set it up as per manual etc.
SN.  I hope my reply has been useful - click Thank on the left.
Find
Reply
Valtam Offline
Administrator
*******
Posts: 8,905
Threads: 545
Joined: Feb 2014
Reputation: 5
#7
09-24-2017, 07:46 PM
No problem. A bit of advice, I would stay away from browser plugins. This is a great attack vector for hackers. The application itself should be fine, but attacking browser extensions is very easy.

Sent from my Mobile phone using Tapatalk

Download your free copy of Linux Lite today.

Jerry Bezencon
Linux Lite Creator

It wants no straps.

[Image: X5qGkCg.png]

[Image: 0op1GNe.png] [Image: LgJ2mtP.png] [Image: vLZcFUE.png] [Image: lrUHro3.jpg]
Website Find
Reply
Searchernow Offline

*****
Posts: 188
Threads: 32
Joined: Aug 2017
Reputation: 0
#8
10-05-2017, 08:21 PM
Yes, I did get wise to that, and my fresh install has just 2 plug-ins in Firefox, both from the EFF, https everywhere and privacy badger. The latter is said to be based on Adblock+ and does in fact block most ads.

Not a plug-in as such, but Firefox does use Disconnect.me in Private Browsing mode, but my paranoia reserves are sorely depleted right now, so I'll carry on regardless.
SN.  I hope my reply has been useful - click Thank on the left.
Find
Reply


Forum Jump:


Users browsing this thread: 3 Guest(s)