by baldfat 3905 days ago
Using Dropbox for Security seems like an oxymoron? I fail to see that as anything I am willing to use.
4 comments

"Using Dropbox for sync". It's just an option. Password db is already encrypted, so it does not matter which service is used for sync :)
Why? The database itself is encrypted. Dropbox is just an easy way to sync it between devices.
I store the private keyfile outside of Dropbox. To me it's a very acceptable tradeoff.
What makes you trust LastPass to spread your database to your devices more? And what makes Dropbox so bad?
Dropbox runs a binary on your machine; that's enough to suspect them. Stick with an open source password manager and an open sync service (S3 plus a script? Or a third party client like Arq).
Yeah... I'm not in the RMS camp
Nothing to do with software freedom, everything to do with security/auditability.
Yeah, with Dropbox software running on your machine, you not only have to trust them not to snoop on you, you have to trust their non-auditable code to be ~perfect~ against exploitation by others.
Unless you actually read through and understand your open source alternative line by line, you aren't really running anything safer.

Of course there is the argument that since it's open source it's safe since someone has "audited" it, but many times that's not true.

And even then, unless you spend a lot of time trying to break it so you understand it completely, you are way better off just writing your own solution, but that takes time and effort.