Re: questions about password safes

[Scott Ferguson <scott.ferguson.debian.user@gmail.com>]

On 08/03/14 18:36, Ken Heard wrote:
> At the risk of allowing this thread to drift further, I have
> another question about password managers.  Both Iceweasel and
> Icedove have such managers for all the passwords needed to open
> accounts accessed through those two packages.  How does the
> security of these password managers compare with the others
> mentioned in this thread?

Well.
They're audited, and quickly patched.
But apples to apples - the other password managers are designed to not
just manage passwords on one box, but to enable using those passwords
(and usernames) on other devices - so there is an extra component to
be measured. (and good ones encrypt each password and user name file
separately - the all eggs in one basket only applies to the
inconvenience if you lose it, not the ease with which an attacker can
access them).

Though it's not that simple - Iceweasel does use sync for cross
platform/multi-device password sharing (a handy feature, that support
more than just passwords), however it's been audited several times and
is quickly patched. Audits don't ensure security, but not auditing
ensures security is untested.

To further the drift.... KWallet can be used to store Iceweasel
passwords with an extension. KWallet is also "secure" (for use)

Back to the original subject, multi-platform password managers, the
best (audited) ones are all Open Source, a value cryptographers
appreciate.

> 
> Regards, Ken
> 
> 
> 

Kind regards