Keepass is safe11/18/2023 ![]() Even an unencrypted text file with site-specific passwords in, stored on your local system ( please don't do this!) offers good protection against this attack method, compared with memorising one really strong password and using it everywhere. They tend to go for database dumps with lots of different passwords in, looking for potentially useful data they can use to gain value, in the form of more useful sites, or in goods. It is rare for non-nation-state/espionage attackers to go after specific passwords. in-memory data being recoverable) is better than repeating passwords across multiple sites, given the most common attack vectors. In this case, though, I suspect that even a password safe with local flaws (e.g. I can't find any evidence of one against PasswordSafe, which is probably the most direct competitor either. ![]() However, I can't find any evidence of an independent security analysis being carried out against the code. There was also a tool released, KeeFarce which claimed to be able to extract passwords from memory of running Keepass instances. There is a paper by Paolo Gasti and Kasper Bonne Rasmussen from the University of California which looks at the storage formats used by various passwords managers - they do highlight some issues with Keepass 2.x format, but these have been fixed since the paper was published. ![]()
0 Comments
Leave a Reply.AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |