please forgive beginner question.
I have been using Xubuntu for several years now; this question is regarding password managers under Linux/Ubuntu.
I have been using Keepass2 which is just such an amazing password manager; HOWEVER
I have the following 2 questions re this:
- I am using KeePass-Http connector (just such a useful and quick extension to enter logins/passwords!) and there are some security concerns re this:
from the website of KeepassXC: https://keepassxc.org/project/
A note about KeePassHTTP
KeePassHTTP is not a highly secure protocol and has certain flaws which allow an attacker to decrypt your passwords if they manage to intercept communication between a KeePassHTTP server and KeePassHTTP-Connector over a network connection (see https://github.com/pfn/keepasshttp/issues/258 and https://github.com/keepassxreboot/keepassxc/issues/147. )KeePassXC therefore strictly limits communication between itself and the browser plugin to your local computer. As long as your computer is not compromised, your passwords are fairly safe that way, but use it at your own risk!
As of KeePassXC 2.3, we deprecated KeePassHTTP in favor of KeePassXC-Browser.
However, I have now tried using KeepassXC which has changed beyond recognition in the past few months. Superb!
It doesnât need Mono (if I understand correctly) and it uses KeePassXC-Browser (rather than KeepassHTTP)
Would anyone have any comments re the security of KeePassXC-Browser extension?
2. in order to run Keepass2 (esp if also using the Keepass-Http connector) one needs Mono.
Some would say Mono is a security risk.
Is this correct? â I would have thought that I would be unlikely to âaccidentallyâ execute malware as root under Linux?
Sorry for mix of questionsâ¦ basically I am asking if, under Linux, KeepassXC would probably be safer to use compared to Keepass2?