Is anyone using KeeWeb?

[rigoletto@]

Hello,

I just found this software called KeeWeb what is a password manager like keepass and others but seems to be more polished than the usual.

My concerns are related with security, especially using the self hosting web version.

Any of you have a positive experience with it?

Cheers!

 

[ab2k]

Hi, I do use KeePass2 - I really like it, when I could remember my pass for it ofc... joke ) It stores everything - you can attach files, do any memo's for any record you have, insane amount of plugins are available to connect with a 1 click - don't use any of em anyways, but i like amount of em and everything is keeping encoded.. An insane big thanks is going to Dominik Reichl for makin it. Never tryed KeeWeb actually - don't see any point to switch to it from KeePass, probably of my madness for security, just don't trust any hosted things, that out of my control...

 

[rigoletto@]

I am using KeePassX (desktop) and Keepass2Android (smatphone). I had not tried KeePass because I use Linux on my desktop and KeePass needs Mono to work. I am avoiding to install mono.

What I am really looking were for something which work on server-client fashion like LastPass, but I can install on my server.

I am trying to make it happen storing the database on a sftp server to the clients then access it, but two things are stopping me: KeepassX does not works with remote database, and Keepass2Android does but won't work here, I do not know why.

On the first look I though KeeWeeb would work because we can run it self hosted, but seems to be, in fact, just the frontend of the thing.

ownCloud/Nextcloud have some kind of password management app for that, what would be perfect since I am using Nextcloud, but I have not tried it yet and I do not know if they are reliable.

I know KeePass does more or less what I want with plugins, and I know I will need to install it (mono) at some point.

 

[Phishfry]

The last thing I would use for remembering passwords is a piece of software. Call me paranoid.

 

[Oko]

My concerns are related with security, especially using the self hosting web version.

Just install security/scrypt store things in plain text files and then encrypt them. Beats the pants out of all bullshit GUI programs. Learn to use UNIX filters and regular expressions to search through it.

 

[mefizto]

Hi Oko,

I was wondering if you could comment on the following article: http://blog.ircmaxell.com/2014/03/why-i-dont-recommend-scrypt.html, since it seems to me, that some of the statements are contradictory.

I am not concerned about three letter agencies, but a reasonable protection of passwords is desired.

Kindest regards,

M

 

[Oko]

Hi Oko,

I was wondering if you could comment on the following article: http://blog.ircmaxell.com/2014/03/why-i-dont-recommend-scrypt.html, since it seems to me, that some of the statements are contradictory.

Before we go any further let me say that my area of expertise is Dynamical Systems (Differential Equation, Classical/Celestial and Quantum Mechanics). So I am not a number theorist, nor cryptographer (even though I taught introductory university courses in both subjects at some point). Colin Parceval who wrote scrypt is a credible number theorist with Ph.D. from Oxford University in pure mathematics. scrypt is based of one of these papers

http://www.ams.org/mathscinet/search/publications.html?pg4=AUCN&s4=Percival,+Colin&co4=AND&pg5=TI&s5=&co5=AND&pg6=PC&s6=&co6=AND&pg7=ALLF&s7=&co7=AND&dr=all&yrop=eq&arg3=&yearRangeFirst=&yearRangeSecond=&pg8=ET&s8=All&review_format=html&Submit=Search


That is some serious peer review shit.

The blog is posted by a PHP programmer who is cryptography hobbyist. He might be onto something but unless Colin himself or one of my number theory colleagues write a paper why scrypt is not good crypto function I will assume that PHP guy have no clue what he is talking about.