Talk:KeePass

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by 96.250.126.152 (talk) at 01:50, 21 April 2018 (Removed from wikiproject CS- specific software tools are discussed under wikiproject computing). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Is this a copyvio from here? There are many exactly duplicated sentences in each, and a copyright is claimed on the linked page.--Hansnesse 19:03, 21 January 2006 (UTC)

NPOV

The entire article reads like an argument for using KeePass. I added the {advertisement} tag for cleanup. Paul6743 04:10, 21 October 2006 (UTC)

.NET

Note that KeePass version 2 (currently in alpha) is written entirely in .NET, unlike the current 1.x, which doesn't need it. grawity 18:51, 31 March 2007 (UTC)

Not an Advertisement

I know nothing about this software, and the article does read like advocacy. However, most if not all of the statements that it makes are empirically verifiable or falsifiable claims. Unless there's clear evidence that some of the material is untrue, it merits rewriting more than deletion. kraemer 05:16, 10 July 2007 (UTC)

Cryptanalysis?

Has anyone done an attack or produced a cryptanalysis report to prove its credibility?

Shin-chan01 (talk) 21:55, 17 November 2007 (UTC)

Flaws, Drawbacks, Shortcomings or Criticism?

This may be a well-written program or not, but I have no personal knowledge either way. However, in order to have/maintain NPOV and following on the comment in "Cryptanalysis?" above, I think there should be a section included about known or potential issues with this software. Two items come to mind: (1) someone only needs to crack a single password to have access to 50 or so others, and; (2) if the password file has a fixed (or even default) filename, it would be a logical target for code crackers. It seems like the latter is indirectly addressed in the current version of the article, but it could be clearer IMHO.

Even if you have the actual file sent to you for cracking, if it is secured by a reasonably long master password (like 12 random characters) it will do you no good. A firsthand report of such a failed attempt can be found at http://www.excivity.com/ComputeCycle/cracking-keepass-passwords/ - the reason why this is so is explained in the KeePass documentation - the file is encrypted many times over so that it actually takes a real amount of time for each try. Cynebeald (talk) 16:26, 26 September 2012 (UTC)

I found out about this program at about the same time from our (large, trustworthy) corporate IT department and from a monthly newsletter from HP. I was concerned when I looked it up and didn't find a discussion of the potential problems I mentioned above. If KeePass has already addressed these issues, it should be mentioned.--CheMechanical (talk) 17:12, 27 January 2008 (UTC)
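An added illustration of the key-stretching point raised in this thread; it is not part of the discussion and is not KeePass code. It uses PBKDF2-HMAC-SHA256 from Python's standard library as a stand-in for an iterated key transform, calibrates the round count to a chosen per-try delay, and estimates the average search time for a random password. The salt, the delay and the worker count are constructed values.

```python
import hashlib
import time

SECONDS_PER_YEAR = 365.25 * 24 * 3600

def stretch(password: bytes, salt: bytes, rounds: int) -> bytes:
    # Stand-in KDF (assumption): PBKDF2-HMAC-SHA256, not KeePass's own transform.
    return hashlib.pbkdf2_hmac("sha256", password, salt, rounds)

def seconds_per_try(rounds: int, samples: int = 3) -> float:
    # Best-of-N wall-clock time for one derivation on this machine.
    salt = b"constructed-salt"  # constructed sample value
    best = float("inf")
    for i in range(samples):
        start = time.perf_counter()
        stretch(b"candidate-%d" % i, salt, rounds)
        best = min(best, time.perf_counter() - start)
    return best

def rounds_for_delay(target_seconds: float, start_rounds: int = 1000) -> int:
    # Double the round count until a single try costs at least the target.
    rounds = start_rounds
    while seconds_per_try(rounds) < target_seconds:
        rounds *= 2
    return rounds

def expected_years(alphabet: int, length: int, secs_per_try: float,
                   parallel_workers: int = 1) -> float:
    # On average half of the keyspace is searched before a hit.
    tries = alphabet ** length / 2
    return tries * secs_per_try / parallel_workers / SECONDS_PER_YEAR

if __name__ == "__main__":
    rounds = rounds_for_delay(0.05)
    cost = seconds_per_try(rounds)
    print(f"{rounds} rounds -> {cost * 1000:.1f} ms per try")
    # 12 characters drawn at random from 94 printable ASCII symbols,
    # attacked by a constructed figure of one million parallel workers.
    print(f"{expected_years(94, 12, cost, 1_000_000):.3g} years on average")
```

The estimate scales linearly with the per-try cost, so doubling the rounds doubles the attacker's work while adding only one derivation to each legitimate unlock.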

Comparison with built-in OS solutions?

I would be interested in how this compares to e.g. Apple Keychain in terms of encryption / hackability. The same holds for any Windows-own password storage if there is any. Perhaps this information should also go onto the appropriate pages for OS-included password databases. —Preceding unsigned comment added by 85.176.183.231 (talk) 05:48, 10 July 2008 (UTC)

As per my comments below on OpenSource - Both Keychain and KeePass are safe. Given what these programmes do that is paramount - above even the user interface and functionality. — Preceding unsigned comment added by 84.92.230.173 (talk) 12:29, 7 November 2015 (UTC)

Data Fields

In my current task of evaluating different Password keeper/manager programs for both Mac and Windows, I would like to add a section which lists the data items that KeePass (and KeePassX) store. Any objections to my adding that as a new section? Beginnersview (talk) 10:00, 15 September 2008 (UTC)

KeePassX

The article KeePassX was merged into this one, and now redirects here. However, there is almost no mention of KeePassX; just one sentence that links to KeePassX, which redirects here. HuGo_87 (talk) 16:32, 18 April 2011 (UTC)

HuGo_87, Good point. I added an external link and the logo. Keith Cascio (talk) 02:56, 1 January 2012 (UTC)
KeePassX is not KeePass! It started as a KeePass clone, KeePass/L for Linux, but has long since been software of its own, also available for Windows. It shouldn't be merged with KeePass. You don't merge other password managers either... JaKi143 (talk) 14:52, 15 September 2013 (UTC)

I agree with this; KeePassX should have a separate page. AdmiredSneeze (talk) 14:29, 6 January 2016 (UTC)

Brief Security Audit Paper - 2014

This could be useful in assessing KeePass's security:

https://www.usenix.org/system/files/conference/usenixsecurity14/sec14-paper-silver.pdf

Exercisephys (talk) 23:41, 14 September 2014 (UTC)

KeeFox

The version is 1.4.6 - Released 2015 Jan 15 on Mozilla Addons Page 69.230.97.74 (talk) 05:43, 27 January 2015 (UTC)

Security issue?

https://news.ycombinator.com/item?id=9727297 — Preceding unsigned comment added by 109.106.59.240 (talk) 21:46, 16 June 2015 (UTC)

It is a forum post, not anywhere near WP:RS - Ahunt (talk) 19:18, 17 June 2015 (UTC)

Open Source

I feel one of the biggest threats in a password manager is simply that it has a back door. A password manager written by a small company or private individual could in theory become popular through a good interface design and other facilities - only to be "harvested" via internet of everyone's bank account details a few years further down the road. Consequently there are only two forms of password manager worthy of trust and they are 1) Those promoted by multinationals of some intrinsic standing (Microsoft, Apple, IBM, HP...) who would have so much to lose from such a product going rogue it can then be assumed trusted if it carries their name 2) Programs that are managed by an open source community where the code can be freely inspected - which does not undo the security as that still needs the password - it just makes plain there is nowhere for malicious code to hide.

Not only should this article make plain this is the case with KeePass - all such articles about open source should mention it prominently.

I feel sorry about small independents making such software re my comment, but frankly they should not be coding and promoting such things.

Lawl, better read Dual_EC_DRBG and mini. Multinationals will sell you for the highest bid. --分液漏斗 (talk) 18:26, 13 June 2016 (UTC)

Do you trust that there is no backdoor in BitLocker simply because it is the product of a large corporation? I don't. Gentleman wiki (talk) 09:14, 11 March 2017 (UTC)

EU-FOSSA security software audit underway

Not sure if this is already worth including, but the EU-FOSSA project is currently auditing KeePass. Just as a note, maybe someone wants to work it in or keep track, and work in the results. https://joinup.ec.europa.eu/community/eu-fossa/home 149.172.134.6 (talk) 15:01, 27 August 2016 (UTC)

Cryptography

Without being too technical there should be a mention of the user-configurable key derivation function. Notably Argon2 is now available which is indeed very interesting. Gentleman wiki (talk) 02:20, 8 March 2017 (UTC)

Do you have a ref that explains that? - Ahunt (talk) 02:27, 8 March 2017 (UTC)
There is no official user manual, all the information is on several web pages. Specifically for the KDF it is here. Gentleman wiki (talk) 18:56, 13 April 2017 (UTC)

Hello fellow Wikipedians,

I have just modified one external link on KeePass. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:

Cheers.—InternetArchiveBot (Report bug) 16:46, 3 May 2017 (UTC)