I’ve been using KeePass for about two years now but I’m looking to switch. The downside to this has been that absolutely nothing seems comparable in terms of security.
Initially I used Strongbox but they sold to a crappy company. KeePassium is solid on iOS but the desktop version is just a mobile port and leaves much to be desired.
Combine that with finding sync to be extremely annoying. Limitations around attachments because larger KeePass files are more of a pain to sync. And it really feels like the structure is just a bit chaotic. Custom fields _are_ nice to have but they also feel like I’m just bolting on random information to my entries. Really, I just don’t jibe with “the KeePass way”.
In terms of clients, I like to avoid Electron or anything which is just a desktop wrapper around a website. This puts tools like Bitwarden pretty low on my list.
While searching I came upon Codebook[0]. It does _not_ meet the requirement to be a recommendation on PG but my preferences/requirements are a little bit different.
A few cons from my end:
* Not OSS
* Does not use Argon2 for KDF (PBKDF2-HMAC-SHA512 @ 256k)
* No audit
* Limited feature set
However, what keeps me considering this is that it is the same org that develops SQLCipher. Signal uses it as their local message database. It is, AFAICT, a highly reputable piece of software. Additionally, they support third-party sync although I would probably use first-party because I am so tired of fighting sync problems.
Does anyone have experience with this tool, or am I missing some obvious flaw with it that makes it a bad choice - on par with choosing something like LastPass?