MobileRead Forums - View Single Post

JoeD · 03-05-2013, 08:29 AM

I only trust open source password managers and of those I've looked over, two that look like they cover everything are Password Safe and Keepassx. Not done a detailed analysis though, just had a brief read the source to see how they handle key generation/storage and password stretching and to build a version for myself.

Whilst there could be bugs, they at least appear to do everything needed, which is more than can be said for many of the closed source offerings. Some were found to use weak encryption or stored a master password with the db or didn't perform key stretching...

Not looked at last pass, but I wouldn't trust any online service with my passwords even with client side encryption.

03-05-2013, 08:29 AM	#10
JoeD Guru Posts: 895 Karma: 4383958 Join Date: Nov 2007 Device: na	I only trust open source password managers and of those I've looked over, two that look like they cover everything are Password Safe and Keepassx. Not done a detailed analysis though, just had a brief read the source to see how they handle key generation/storage and password stretching and to build a version for myself. Whilst there could be bugs, they at least appear to do everything needed, which is more than can be said for many of the closed source offerings. Some were found to use weak encryption or stored a master password with the db or didn't perform key stretching... Not looked at last pass, but I wouldn't trust any online service with my passwords even with client side encryption.