KeePass’ reaction to a MITM bug report against its Update Check:
8.2.2016 @ 15:45: Received response from Dominik Reichl: The vulnerability will not be fixed. The indirect costs of switching to HTTPS (like lost advertisement revenue) make it a inviable solution.
I don’t feel comfortable using software whose developers’ priorities are so twisted.
That doesn’t even make sense considering the fact that, aside from apparently having their priorities quite wrong, they seemingly never considered the abundance of solutions, like hosting the downloads on different, secure servers like Putty does or simply waiting a few months until every advertiser uses HTTPS as it is starting to become more and more affordable, as well as enforced by Google…
This reaction really makes them seem both untrustworthy, as well as (at least seemingly) not willing to provide the product they claim to provide.
KeePass 2 - Bloated with mono dependencies and poor UI under Linux
KeePassX 0.43 - Works decently, tried and tested, but barebones, imports have issues, headed toward deprecation
KeePassX 2.0.2 - Works, less bloated than KeePass 2, but has issues interacting with virtual machines (when used on host) that were not present in 0.43, forced one-way import of KeePassX 0.43 databases, some small UI issues
KeePassX 2 seemed like the only way forward but the issues with VM interaction (auto-type) sent me back to 0.43.
Saw PasswordSafe in sid but didn’t give it a chance.
I don’t use auto-type, but the awful UI sent me back to 0.43. In a non-networked vm, 0.43 seems “good enough”. Will give Passwordsafe a go - Schneier’s brand should give it some activity.
Agreed. There are sufficient options, but tree view displays information very poorly and with no icons, clearly inferior to KeepassX. Double-click is unreliable depending on the action you have it set to (probably a bug).
The dragbar is a nice feature, but I haven’t put the auto-type or copy paste features through their paces to know if they’re reliable (for my own needs). Apart from deprecation this (functional auto-type) would be the only incentive I have to use (rather, move to) passwordsafe.
The dragbar is quite useful within a guest VM for quick copying fields without keyboard. But it can’t copy from host to guest (N/A for Whonix itself).
The Auto-Type only works from host to guest (N/A for Whonix itself) if you select the “Use alternate auto-type” in the options. With it enabled, it does not appear to choke the way KeePassX2 does (but only tried it only now; was running it in a guest only before).
I see no option to use keyfiles in passwordsafe to open databases (forgot about this). That might be a deal-breaker. Both KeePassX and Figaro supported them.
… aaaaaaaand now the wxwidgets-based UI is becoming unresponsive and I have to kill -9 it (running in Whonix Workstation again; best I can describe is all the buttons stopped working). That went downhill fast. (or this is not my day)
I am not so sure Whonix would do better with PasswordSafe in its current state either. You get a dragbar but lose keyfiles and decent tree view, and add whatever else just happened.
Hello,are you going to choose another password manager? Maybe you can try password manager Password Manager
it is worldwide use and reliable, it is free now and you can have a try also can make a conparison.
@entr0py removed link to spam/ad/frivolous product.
Maybe you can try password manager Password Manager
it is worldwide use and reliable, it is free now and you can have a try also can make a conparison.