The inner circle so to speak

  • IzyaKatzmann [he/him]@hexbear.net
    1 year ago

    Has anyone heard of or tried Buttercup? Any thoughts?

    I was mulling around the idea of using KeePass but it seems to be too inconvenient. The pretty UI and cool name make me want to try Buttercup.

    • Eufalconimorph@discuss.tchncs.de
      1 year ago

      KeePass + Syncthing is pretty convenient.

      Buttercup looks to be using AES-CBC with PBKDF2 and no authentication, but I only took a very brief look so I may have missed important details. That’s not secure if an attacker can alter the vault file, and PBKDF2 isn’t a great KDF to use. If you use this, you definitely need a 128-bit or higher entropy passphrase (10 Diceware words). You usually want that anyway, but using a weaker string for your master password will be less secure than you expect compared to something using a modern KDF.

      • IzyaKatzmann [he/him]@hexbear.net
        1 year ago

        Thanks for the insightful response. I’m gonna spend some time searching for all those terms you mentioned because much of it is stuff I’ve only heard in passing or never heard of at all. I’ll try to find what works well enough for me. Wish me luck!
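
The reply above names unauthenticated AES-CBC as a risk when the vault file can be altered. As an added example (not from the thread, and not Buttercup's or KeePass's code; the function names, iteration count and sample data are constructed for illustration), this Node.js code seals a vault with PBKDF2, AES-256-CBC and an HMAC over the salt, IV and ciphertext, then shows that a one-bit change to the stored IV decrypts without error when no integrity check is made and is rejected when the tag is verified.

```javascript
const nodeCrypto = require('node:crypto');

const PBKDF2_ROUNDS = 100000; // constructed demo value, not a recommendation

// Stretch the passphrase once, then split into independent cipher and MAC keys.
function deriveKeys(passphrase, salt) {
  const master = nodeCrypto.pbkdf2Sync(passphrase, salt, PBKDF2_ROUNDS, 32, 'sha256');
  const sub = (label) => Buffer.from(nodeCrypto.hkdfSync('sha256', master, salt, label, 32));
  return { encKey: sub('enc'), macKey: sub('mac') };
}

function macOver(macKey, v) {
  return nodeCrypto.createHmac('sha256', macKey)
    .update(Buffer.concat([v.salt, v.iv, v.ct])).digest();
}

// Encrypt-then-MAC: the tag covers salt, IV and ciphertext.
function sealVault(passphrase, plaintext) {
  const v = { salt: nodeCrypto.randomBytes(16), iv: nodeCrypto.randomBytes(16) };
  const { encKey, macKey } = deriveKeys(passphrase, v.salt);
  const c = nodeCrypto.createCipheriv('aes-256-cbc', encKey, v.iv);
  v.ct = Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
  v.tag = macOver(macKey, v);
  return v;
}

// verify=false models a reader that decrypts CBC without any integrity check.
function openVault(passphrase, v, verify = true) {
  const { encKey, macKey } = deriveKeys(passphrase, v.salt);
  if (verify && !nodeCrypto.timingSafeEqual(macOver(macKey, v), v.tag)) {
    throw new Error('vault authentication failed');
  }
  const d = nodeCrypto.createDecipheriv('aes-256-cbc', encKey, v.iv);
  return Buffer.concat([d.update(v.ct), d.final()]).toString('utf8');
}

// Simulate an altered vault file: one flipped bit in the stored IV.
function tamperCheck(passphrase, plaintext) {
  const v = sealVault(passphrase, plaintext);
  const altered = { ...v, iv: Buffer.from(v.iv) };
  altered.iv[0] ^= 0x01;
  const silent = openVault(passphrase, altered, false); // no error, wrong data
  let rejected = false;
  try { openVault(passphrase, altered, true); } catch (e) { rejected = true; }
  return { silent, rejected };
}

// Constructed sample entry and passphrase.
const SAMPLE = '{"url":"https://bank.example","user":"alice"}';
console.log(tamperCheck('correct horse battery staple demo', SAMPLE));
```

The tag check runs before any decryption, so altered input never reaches the cipher or the padding check.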