If you still want obscurity, how about modifying the source of one of these tools to replace common strings with something random, including filenames used? It won't do much good but you could then have more assurance that this obscure one is still more secure against brute forcing.
Attacks using GPUs and FPGAs for brute forcing are getting very cheap indeed (hundreds to thousands of dollars) so it is worth using proper salting and stretching (iterated hashing) of passwords to protect against brute forcing.
I think the biggest vulnerability for Linux desktop users is (a) any copies of the password manager's encrypted DB file on non-"Linux classic" OSs, particularly Windows or Android, and (b) web app passwords being stolen via SQL injection and other web server attacks. I would protect against the former by mandating two-factor authentication on all platforms (LastPass using Yubikey or Google Authenticator is one example) and against the latter by using a password manager.
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds