You can aalso use your Snap package, which on AppArmor-activated systems (e.g. We do sign our Windows binary with a trusted Comodo certificate, but you can imagine that this has no implications at all for what our application does or is allowed to do.Īs mentioned earlier, you can sandbox KeePassXC to make sure it doesn't do anything you don't want. Would love to hear input from others on this.įirst off: we can't give you any guarantees besides our open source code (which you can check at any time) and our sincere affirmation that we want your passwords to be safe. Other things being equal I'd rather use software that is being actively maintained. That and the integration of KeePassHTTP, which KeePassXC maintainers describe as "not a highly secure protocol" and having "certain flaws" on their project homepage, listing two Github issues that discuss it here and here, give me a bit of pause (note that it appears KeePassHTTP is turned off by default in KeePassXC).Īt the same time, it doesn't appear that KeePassX will be getting updated anytime soon(?) (latest version was released in October 2016). I'd consider that very basic quality assurance that especially security-related projects should do by default." Full disclosure here is that I don't really understand how big a deal the bug is/was, but it does appear that you don't get new features without the potential for introducing security issues at least of the level worth patching. The developer who submitted the bug fix writes: "Given that this bug is present means apparently that nobody ever tested the keepassxc code with address sanitizer. at least one pull request that KeePassXC has accepted is a fix for a security issue created by a feature that KeePassXC added on top of KeePassX. I brought up what appears to be an example of this in a previous comment: Risks with switching from X to XC, then, is that new vulnerabilities have been introduced to XC since the forking. My understanding is that KeePassXC is a fork of KeePassX, which has been around a while and, I believe, is well regarded. I've also been wondering about this for a few months- I asked a similar question here and here and got a few potentially helpful responses.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |