this post was submitted on 10 Aug 2023
343 points (93.2% liked)

Memes

45746 readers
1693 users here now

Rules:

  1. Be civil and nice.
  2. Try not to excessively repost, as a rule of thumb, wait at least 2 months to do it if you have to.

founded 5 years ago
MODERATORS
 

The inner circle so to speak

you are viewing a single comment's thread
view the rest of the comments
[–] IzyaKatzmann@hexbear.net 2 points 1 year ago (1 children)

Had anyone heard of or tried buttercup? Any thoughts?

I was mulling around the idea of using KeePass but it seems to be too inconvenient. The pretty UI and cool name makes me want to try buttercup.

[–] Eufalconimorph@discuss.tchncs.de 3 points 1 year ago (1 children)

KeePass + Syncthing is pretty convenient.

Buttercup looks to be using AES-CBC with PBKDF2 and no authentication, but I only took a very brief look so I may have missed important details. That's not secure if an attacker can alter the vault file, and PBKDF2 isn't a great KDF to use. If you use this, you definitely need a 128-bit or higher entropy passphrase (10 Diceware words). You usually want that anyway, but using a weaker string for your master password will be less secure than you expect compared to something using a modern KDF.

[–] IzyaKatzmann@hexbear.net 1 points 1 year ago

Thanks for the insightful response. I'm gonna spend some time searching for all those terms you mentioned because much of it is stuff I've only heard in passing or never heard of at all. I'll try to find what works well enough for me. Wish me luck!