Samuel, I don't see much point in further discussion. There are several fundamental flaws in your approach; they are outlined in my previous comments. Storing master keys on somebody's server is a bad idea, regardless of their intents or identity. In response, you try to shift the burden of proof to the reader, aka ad ignorantiam ("hack that server") mixed with a bunch of strawmen ("If you have weak password") and anecdotes (the Afrikaans guy). This would make sense from a teenager who does not know...
It took not so long to find your real name, nationality, address, phone number, and a ~800x800 smiling photo. Your postcode ends with 7GU and you seriously overestimate your security skills.
Sapienti sat. I rest my case.
Hi Samuel, This is common security strategy, Andrei. That's how secret links work, Andrei. Read links in my github. I acknowledge your condescending style, it surely makes your arguments stronger. /s How is your solution conceptually different from a key file at a secret URL? No need to remember the file, no need to type it, cannot forget. The only hiccup is — you need to remember that secret URL. Which is also a valid concern for your approach. Argon2 is not holy grail. If you have weak password,...
Let me summarize: an anonymous author invites you to store your DB keys on their server. Are you still reading? Ok, there is more:
- Has minimal history of GitHub activity
- Has a newly created SourceForge account
- The plugin is a low-effort code that basically downloads a plain-text key from a publicly visible URL
- Host address is hard-coded, compiled plugin is included for your convenience
- README is 15 KB, the source is 2.55 KB (a third of it is boilerplate)
- Heavy focus on how-to use (author's server),...
Michael, do you need specifically KeePass? (That is, you need some plugins or like Windows UI on macOS.) If not, there is KeePassXC which installs as a normal Mac app and runs on macOS natively, without Mono (a 370 MB behemoth of a library).
John, unfortunately, there are quite a few people who would absolutely seriously say that them posting to a wrong forum is not a reason for notifications to fail. So frequent helpers here got used to being blamed for the most bizarre reasons, and your joke pretty much whooshed by the audience. But in retrospect it was a good joke :)