Rich Freeman on 5 Jan 2016 08:29:17 -0800
Re: [PLUG] password safe
On Tue, Jan 5, 2016 at 11:13 AM, Keith C. Perry <kperry@daotechnologies.com> wrote:
>
> From what I saw on lastpass's website their encrypted value mechanisms would be acceptable to me but it's still not something I would use.
>

My biggest concern with lastpass is that if they're hacked somebody can potentially change your client. It is all Javascript with local encryption, but if you can change the code you can just have it pass the key back to the compromised server.

So, an attack that just grabs their entire database isn't a huge threat since the data is all locally encrypted. However, a persistent undiscovered attack is a much larger threat since it can be used to skim passwords as people run the client.

That is actually a threat if somebody compromises your distro and updates you to a compromised version of Keepass or such as well, but I don't think people update their software as often as they reload their browser.

___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug