undefined | Better HN

0 pointsstavros4mo ago0 comments

The person there requested that KeePassXC don't let users export their keys in plaintext, which seems reasonable. He asked that the software encrypt the keys with a user-selected password before exporting, so someone stealing the files wouldn't have the keys to literally all of the user's sites. That doesn't seem unreasonable to me.

0 comments

throwawayffffas4mo ago

Not really dude, if I can't export in plaintext I can't pick the encryption I have to use whatever keepassxc will do. I can't pipe it to gpg and encrypt it with my key.

And on the other hand I can only load them to another keepass instance I can't switch credential managers.

If you are worried your system is running malware that will steal your plaintext keys, well bad news they can steal the encrypted keys and keylog your password.

joshuamorton4mo ago

> If you are worried your system is running malware that will steal your plaintext keys

No, I'm not worried about this since I do not and will not copy my keys.

I'm worried about my friends or family using the most secure options possible (passkeys) and still getting phished because they paste their plaintext secrets into a scam site.

throwawayffffas4mo ago

Even without copyable keys, if your friends and family can be tricked into pasting their plain text keys into a scam site, they can be tricked into pasting their encrypted keys and their associated password to a scam site.

The point of encryption at rest is to protect your data if your device is accessed by a third party. Not from user action.

1 more reply

j / k navigate · click thread line to collapse

0 comments

throwawayffffas4mo ago

Not really dude, if I can't export in plaintext I can't pick the encryption I have to use whatever keepassxc will do. I can't pipe it to gpg and encrypt it with my key.

And on the other hand I can only load them to another keepass instance I can't switch credential managers.

If you are worried your system is running malware that will steal your plaintext keys, well bad news they can steal the encrypted keys and keylog your password.

joshuamorton4mo ago

> If you are worried your system is running malware that will steal your plaintext keys

No, I'm not worried about this since I do not and will not copy my keys.

I'm worried about my friends or family using the most secure options possible (passkeys) and still getting phished because they paste their plaintext secrets into a scam site.

throwawayffffas4mo ago

The point of encryption at rest is to protect your data if your device is accessed by a third party. Not from user action.

1 more reply

j / k navigate · click thread line to collapse