I want this but as a Linux distribution.
-
@liw Are you aware of any good options for an Android phone?
@mcc I'm afraid not. I don't use my phone for anything where I'd need a password manager.
-
My understanding is that Bitwarden and KeePassXC, the two open source password managers, are *both* using random code generators at this point, which is terrifying as those are the exact tools where a small error could have the largest negative impact, and also tools that once you've committed to using it you can't quickly back out if they enter a code quality decline
@mcc You can avoid KeePassXC altogether. It's the nicest desktop client for your keepass DB, but you don't need to use it.
I am keeping an eye out for another fork for keepassxc if this goes on longer. On Android, you can use KeePassDX.
-
@lunarloony @luana @mcc but it's like: where to? 😔
@nina_kali_nina @lunarloony @luana @mcc This is why I use pass [1] despite its friction. It is just shell, pgp and git. I have zero trust issues with that setup.
-
@mcc Yeah, KeePassXC going this route really hurt. I'm probably going to migrate back to a text file encrypted with gnupg for basic password management, but I have no idea what I'm going to use for one-time passcodes.
@jcnotwit @mcc There is pass and it is exactly text files, pgp, and git: https://www.passwordstore.org/
-
@aiono @lunarloony @nina_kali_nina yes, there is an Android app available that works quite well: https://f-droid.org/packages/app.passwordstore.agrahn
@lhengstmengel @lunarloony @nina_kali_nina Thanks, but I find it difficult to trust some person I don't know for my passwords. If it was an official app then it would be different.
-
@aiono @lunarloony @nina_kali_nina what do you mean by "official"? It is open source. You can check all the code, even compile it yourself. It is all individuals who build and maintain it. There is no big company backing it.
-
@lhengstmengel @lunarloony @nina_kali_nina By official I mean officially supported/endorsed by the pass project.
Yes, all the code is out there, but I'm not going to read all the code changes for every update. Since it's for a password manager, I am extra cautious.
-
@aiono @lunarloony @nina_kali_nina
Yeah, as I said, like many open source projects, it is all a community effort by individuals. There is a link from the official project page to an older version of the Android app; it has been archived, but you can still download the APK and it still works. The version in the app store is a fork that just implements fixes and dependency updates. There is no new functionality. I would say it is more open and reliable than any of the closed source alternatives.
-
@lhengstmengel @lunarloony @nina_kali_nina To be clear, it seems like the best option in the pass ecosystem, and I prefer open source apps. Still, using an app for my passwords means I put a lot of trust in the developer. I don't think the developers of this app have any ill intentions, but it's always possible that a malicious change gets through, which would be catastrophic for a password manager. Ideally I want my trust chain to be very minimal for something like a password manager.
-
@aiono @lunarloony @nina_kali_nina yes I feel you. There's always a trust component. Indeed there have been nasty exploits in open source as well. Remember xz?
Alternatively you would need to build everything yourself. But then there's the "competency" issue. I am just not competent enough with encryption to be sure that I am implementing everything correctly, and not introducing possible exploits. And there's the "time" issue as well, of course. So I choose to trust the devs.
-
@mcc At which point are such applications just Claude with a logo tacked on?
-
@mcc Unclear about how KeePassXC is somehow compromised by using random key generators. The parameters are set by the user, and it is optional in any case. So what exactly is the problem here?
-
@mcc
I use keepassxc on my laptop, which is synced using nextcloud to my phone. There, I use keepassdx which is able to read the same files.
https://f-droid.org/packages/com.kunzisoft.keepass.libre
-
@mcc I emailed BitWarden about this and their response was, literally, "our code is open source, so it's fine."
The shit sandwich they're making isn't more appetizing because they do it in public view. Promptfondlers are somehow even worse than Bitcoin dweebs.
-
@jeffmcneill "code" in this post refers to source code, e.g., the form of a computer program designed for reading and changing
-
@mcc the double (triple?) entendre of "random code generator" here is really upsetting
-
@sanityinc @glyph the thing that makes it problematic is not that it is artificial or tool-driven; the problem is that it is thoughtless¹
we spent a hundred years with fiction training people to think of "AI" as "a thing which thinks, but in a different way" and this is now serving as marketing cover for a thing which actually does not think
¹ and also, the other problems
-
-
@sanityinc @glyph also at any one time maybe it's being puppeted by a human or a state intelligence service, who knows, the cloud service is a black box