undefined | Better HN

0 pointsDylan168073y ago0 comments

Having to compromise KeePassX rather than Dropbox, and specifically while you are updating, is not an insignificant difference.

0 comments

lolinder3y ago

Having to do it while updating narrows the window of opportunity for sure, but I don't think KeePassX is a more secure target than Dropbox or Bitwarden.

They don't have to get bad code into an MR (though that's one option), they could compromise the website and have it distribute a different binary. If you build it from source you're safe against that, but are you really building it from source?

Also, remember that the same logic applies to Bitwarden: they need the master password and therefore must compromise the client during the window where you update it.

j / k navigate · click thread line to collapse

0 comments

lolinder3y ago

Having to do it while updating narrows the window of opportunity for sure, but I don't think KeePassX is a more secure target than Dropbox or Bitwarden.

Also, remember that the same logic applies to Bitwarden: they need the master password and therefore must compromise the client during the window where you update it.

j / k navigate · click thread line to collapse