this post was submitted on 17 Jul 2023
113 points (96.7% liked)

Technology

58303 readers
12 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

Hy,

In your opinion do you prefer Bitwarden or Proton Pass and why?

It seems proton pass have better integration with Firefox.

Good and bad?

Thanks.

you are viewing a single comment's thread
view the rest of the comments
[โ€“] Zikeji 4 points 1 year ago* (last edited 1 year ago) (1 children)

These are my opinions, not a security expert or anything but - if your system is compromised two layers won't make a difference. If someone gets ahold of the KDBX, two layers might slow them down but if they have the compute to crack the KDBX in the first place a second layer won't make a difference, even if you're using a stronger algorithm.

I can only think of two benefits.

  1. using two different algorithms adds a layer of protection in the event a flaw is discovered.

  2. If it's wrapped it would likely have a different extension and signature, so if someone were to say, hack the cloud storage provider and grab all the KDBX files you might get missed.

In any case, the encryption algorithms we use today will likely be irrelevant and useless at some point in the near future. If you suspect your KDBX has been stolen, you should change all your passwords - even if they can't crack it today, you don't want to get an unpleasant surprise in a decade because you didn't.

Although changing your passwords on interval is a good security practice anyway.

I also wouldn't sync them with a cloud storage system either, since you never know.

[โ€“] [email protected] 2 points 1 year ago

Yeah, that makes a lot of sense, thanks for the insight!