I have been researching what else I can use and the new thing I decided to try out which I found is called SafeMonk. I am just skeptical they did a good job with this because I noticed many things that are just a blatantly bad idea that they do, like communicating out to the internet, cleartext titles, etc.

Also, I can't help but think to myself, if software is this buggy, how good can its security possibly be? I'll admit, I have not tested their crypto, which I heard claims someone did and it was ok. Over the years I noticed a number of significant flaws like this, so my impression of this company is that they have nice looking marketing and they comment everywhere on the internet about the security, but it doesn't look all that good to me. Who knows what it's doing - you need to trust what the company tells you on that one, but if you install a network sniffer and check for yourself you'll see this app communicates outside your network, which for an app like this, I feel it has no good reason to be doing. I am not saying KeePass or other options out there are any better, the designers in this field seem to universally lack common sense about usability or security.

But if you care about security, there is more. After some experience with it you might realize, as I did, that it is not worth the effort to take this approach. It's basic, essential features like being able to access your data.

But go ahead and try it out for yourself. I wasted an entire day just messing around with this software to upgrade from one release to another.

All I can tell you is this option has a lot of limitations and the software is pretty buggy, just read the kinds of things people are having trouble with in the forums. Dropbox does all the syncing for you, you just save a file to the Dropbox and it syncs on its own. Simpler, you have control over your data, and there are no problems syncing.
If you value your time, and time is money, you are better off entering your passwords in Excel and encrypting that file using PGP. You have to sync with a 1Password Mac or PC version, there is no way to export directly from the app, and the wifi sync only works in certain network environments, and Dropbox syncing is fraught with bugs. I have used 1Password for years and have thousands of records, and there is no way to export them that works. If you primarily use the iPhone app, as I do, it is incredibly painful to export your data, which is essentially held hostage in this proprietary format. I just spent an entire day running into various errors on the Mac and iPhone versions of both latest versions of 3 and version 4 of the apps on iOS and Lion. Wouldn't someone concerned about security not want people to know which banks you have accounts in and what things you have all saved in here? The security of this app doesn't seem that good to me.

And security is just one aspect of the app. I asked about this and was told that they use the Mac keychain and it only encrypts the value not the keys. They claim to have such great security, but when I opened up one of the supposedly encrypted files in Notepad (try it for yourself) all the record titles were visible in clear text. I'm switching away from 1Password now, so I think your friends will regret going in the other direction. The passwords entered in those controls aren't even visible in the process memory of KeePass. None of the available password edit control spies work against these controls. This means that even if you would dump the KeePass process memory to disk, you couldn't find the passwords.

4) Security-Enhanced Password Edit Controls: KeePass is the first password manager that features security-enhanced password edit controls.
In contrast to many other hashing algorithms, no attacks are known yet against SHA-256.

2) Protection against dictionary and guessing attacks: by transforming the final master key very often, dictionary and guessing attacks can be made harder.

3) In-Memory Passwords Protection: Your passwords are encrypted while KeePass is running, so even when the operating system caches the KeePass process to disk, this wouldn't reveal your passwords anyway. I'm not sure if you've talked about the other features below though.

1) SHA-256 is used as password hash. I've read much of your blog where you emphasize how strong your encryption is and how you've implemented features that slow down password crackers' attempts. I'd just like to see how 1P compares to Keepass on the following factors, both to know for myself and to address questions if they come up. They are security conscious people and have always recommended Keepass (Win) and KeepassX (Mac). Hey Agilebits, I just recommended 1Password to some friends and I know that at least one purchased your Win+Mac bundle.