Encrypted password storage. Any of you use it? Things like PasswordSafe

Encrypted password storage. Any of you use it? Things like PasswordSafe.
If so, why? If not, why not?

I use KeePass. You should use a password manager, but not cloud solutions like LastPass. Using things like that is just asking to be buttfucked.

keepass. it's popular, it works, and its had a code audit.

>Open text file
>write account and password info
>save file
>close file
>encrypt file with gpg

Yep, can't understand why someone would upload all their passwords to a cloud storage.

Looks like the differences between the different managers is mostly just the interface, no?

>maybe i have a little more self respect

Yes and I rolled my own

Why:
>Because I do not trust antivirus which I sometimes run only to make sure that my windows crack hasn't deposited a surprise on my comp.

Interface and of course file format.

Just use pass. Simple, secure, free and open source, easy-to-use, no cloud bullshit.
Every other local password manager is just a bloated, proprietary and not-as-well audited implementation of pass.

You're retarded.

>maybe i have a little more self respect
What's wrong with GPG?

Nothing, but programs developed to manage passwords are more convenient than a folder of encrypted notepad documents.

what do i do if i have multiple computers? i.e. desktop and laptop?

Save a copy of the password database on one of these, along with the program to run it.
Less convenient, but I feel it's worth the reduced possibility of unwanted access.

>corrupt filesystem/stick

whoops

dumbfuck

>save a backup

What if you added another password?

how about only having a single textfile

Then you'll need to update one of them. Like I said, less convenient, but presumably you won't be making new passwords /that/ often.

>not writing down your passwords in your diary

>not using the same password everywhere so you dont have to use unsafe password managers
enjoy your botnet sheeple

What is the best, most secure implementation of KeePass ? Should I use u2f ?

or you could upload your password database to something like github and then just sync changes across platforms.

it's not like your password db should be stored in some unencrypted form or anything.

or you know, you could use scripts to manage them.

I wouldn't do that. If you're retarded enough to have it in a public repo (I'm assuming because you're only allowed public repos unless you pay), you might get rekt if there's a vulnerability discovered.

Even if it's a private repo, it's a bad idea.

I'm so sure there is going to be a vulnerability in RSA 4096B in the coming years.

get real.

OpenSSL> aes-256-cbc -a -salt -in passwords.txt -out passwords.txt.aes
enter aes-256-cbc encryption password: ************
verifying - enter aes-256-cbc encryption password: ************
shred -vzn38 passwords.txt
OpenSSL> aes-256-cbc -d -salt -in passwords.txt.aes -out passwords.txt
enter aes-256-cbc decryption password: ************

I store the database in a owncloud instance I have on a server. Password protected with an offline key file.

Explain

welp. atleast i have an actual purpose for my raspberry pi now.