KeePass

From Wikipedia, the free encyclopedia
KeePass Password Safe
KeePass 2.x Main Window
Developer(s): Dominik Reichl
Initial release: November 16, 2003; 15 years ago (2003-11-16)
Stable release: 2.43[1] (September 10, 2019; 4 days ago (2019-09-10))
Written in: C# (2.x version), C++ (1.x version)
Operating system: Windows Vista and later (plus other platforms in unofficial derivatives)
Platform: .NET Framework, Mono
Type: Password manager
License: GNU GPLv2+
Website: keepass.info

KeePass Password Safe is a free and open-source password manager primarily for Windows. It officially supports macOS and Linux operating systems through the use of Mono.[2] Additionally, there are several unofficial ports for Windows Phone, Android, iOS, and BlackBerry devices.[3][4][5][6][7] KeePass stores usernames, passwords, and other fields, including free-form notes and file attachments, in an encrypted file. This file can be protected by any combination of a master password, a key file, and the current Windows account details. By default, the KeePass database is stored on a local file system (as opposed to cloud storage).[8]

KeePass supports a number of plugins.[9] It has a password generator and synchronization function, supports two-factor authentication, and has a Secure Desktop mode. It can use a two-channel auto-type obfuscation feature to offer additional protection against keyloggers.[10] KeePass can import data from over 30 of the most commonly used other password managers.[10]

A 2017 Consumer Reports article described KeePass as one of the four most widely used password managers (alongside 1Password, Dashlane and LastPass), being "popular among tech enthusiasts" and offering the same level of security as non-free competitors but being more difficult to install.[11]

A 2019 Independent Security Evaluators study described KeePass, as well as other widely used password managers, as being unable to control Windows 10's tendency to leave passwords in cleartext in RAM after they are displayed using a Windows-controlled GUI.[12] In addition, several GitHub projects (KeeFarce, KeeThief, LaZagne) specifically attack a running KeePass instance to steal all data; when the host is compromised, KeePass cannot prevent password theft. Note that "neither KeePass nor any other password manager can magically run securely in a spyware-infected, insecure environment."[13]

Overview

Password management

Passwords stored by this application can be further divided into manageable groups. Each group can have an identifying icon. Groups can be further divided into subgroups in a tree-like organization.[citation needed]

Further, KeePass tracks the creation time, modification time, last access time, and expiration time of each password stored. Files can be attached and stored with a password record, or text notes can be entered with the password details. Each password record can also have an associated icon.[citation needed]

Import and export

The password list is saved by default as a .kdbx file, but it can be exported to various formats, such as TXT, HTML, XML and CSV. The XML output can be used in other applications and re-imported into KeePass using a plugin. The CSV output is compatible with many other password safes like the commercial closed-source Password Keeper and the closed-source Password Agent. Also, the CSVs can be imported by spreadsheet applications like Microsoft Excel or OpenOffice/LibreOffice Calc. Exports from these programs can be imported into KeePass databases. KeePass can parse and import TXT outputs of CodeWalletPro, a commercial closed-source password safe. It can import TXT files created by Bruce Schneier's Password Safe v2.[citation needed]

File format support can be expanded through the use of KeePass plugins.[14]

Multi-user support

KeePass supports simultaneous access and simultaneous changes to a shared password file by multiple computers (often by using a shared network drive); however, there is no provisioning of access per group or per entry.[15] As of May 2014, there are no plugins available to add provisioned multi-user support, but there exists a proprietary password server (Pleasant Password Server) that is compatible with the KeePass client and includes provisioning.[16]

Auto-type, global auto-type hotkeys, and drag and drop

An example of KeePass' Auto-Type function, which is triggered by a global hotkey.

KeePass can minimize itself and type the information of the currently selected entry into dialogs, webforms, etc. KeePass has a global auto-type hotkey. When KeePass is running in the background (with an open database) and the user presses the hotkey, it looks up the correct entry and executes its auto-type sequence.[17] All fields, such as title, username, password, URL, and notes, can be dragged and dropped into other windows.[citation needed]

Windows clipboard handling allows double-clicking on any field of the password list to copy its value to the Windows clipboard. KeePass can clear the clipboard automatically some time after the user has copied one of their passwords into it. KeePass features protection against clipboard monitors (other applications will not get notifications that the clipboard content has been changed).[citation needed]

KeePass at one time had a paste-once functionality, where after a single paste operation, the clipboard would be cleared automatically, but this was removed in version 2.x due to incompatibility and insufficient effectiveness.[18]

Browser support

The auto-type functionality works with all windows, and consequently with all browsers. The KeeForm extension allows users to open websites with Internet Explorer and Mozilla Firefox and fill in user details automatically. Internet Explorer also has a browser integration toolbar available.[19]

For Firefox, an extension called KeeFox connects to KeePass when a user needs to access a password from it.[20]

Built-in password generator

User Interface of the password generator.

KeePass features a built-in password generator that generates random passwords. Random seeding can be done through user input (mouse movement and random keyboard input).[17]

Plugins

KeePass has a plugin architecture. There are various plugins available from the KeePass website (such as import/export from/to various other formats, database backup, integration, automation, etc.). Note that plugins may compromise the security of KeePass, because they are written by independent authors and have full access to the KeePass database.[citation needed]

Cryptography

Runtime security

"Add Entry" dialog in KeePass.

According to the utility's author, KeePass was one of the first password management utilities to use security-enhanced password edit controls, in this case one called CSecureEditEx.[21] The author makes several claims regarding the security of the control and its resistance to password revealing utilities; however, the author does not cite or make any references to any third-party testing of the control to corroborate the claims of its security.[22]

Passwords are protected in memory while KeePass is running. On Windows Vista and later versions, passwords are encrypted in process memory using the Windows Data Protection API, which allows storing the key for memory protection in a secure, non-swappable memory area. On previous Windows systems, KeePass falls back to using the ARC4 cipher with a temporary, random session key.[23]

Offline security

Access to the database is restricted by a master password or a key file. Both methods may be combined to create a "composite master key". If both methods are used, then both must be present to access the password database. KeePass version 2.x introduces a third option: dependency upon the current Windows user.[24] KeePass encrypts the database with the AES or Twofish symmetric ciphers. The kdbx database is encrypted with AES in CBC/PKCS7 mode without proper authentication: only SHA2 hashes guard the integrity of the ciphertext, and while these might catch typical file corruption, they will not prevent malicious tampering.[25] AES is the default option. Twofish is available in 1.x but not in version 2.x; however, a separate plugin provides Twofish as an encryption algorithm. Beginning with version 2.35, the ChaCha20 cipher is also available.[26]
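
The difference between catching corruption and preventing tampering can be shown with a simplified container. This is an added example, not KeePass code and not the KDBX layout: random bytes stand in for the AES-CBC ciphertext, and `MAC_KEY` is a hypothetical secret assumed to be derived from the master key.

```python
import hashlib
import hmac
import os

TAG_LEN = 32  # SHA-256 output size in bytes

def seal_hash_only(ciphertext: bytes) -> bytes:
    """Append an unkeyed SHA-256 digest of the ciphertext."""
    return ciphertext + hashlib.sha256(ciphertext).digest()

def seal_hmac(ciphertext: bytes, mac_key: bytes) -> bytes:
    """Append an HMAC-SHA-256 tag computed with a secret key."""
    return ciphertext + hmac.new(mac_key, ciphertext, hashlib.sha256).digest()

def accepts_hash_only(blob: bytes) -> bool:
    body, digest = blob[:-TAG_LEN], blob[-TAG_LEN:]
    return hmac.compare_digest(hashlib.sha256(body).digest(), digest)

def accepts_hmac(blob: bytes, mac_key: bytes) -> bool:
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)

def corrupt(blob: bytes) -> bytes:
    """Accidental damage: one bit of the body flips, trailer untouched."""
    return bytes([blob[0] ^ 0x01]) + blob[1:]

def rewrite_without_key(blob: bytes) -> bytes:
    """Edit by a party with write access but no key, who recomputes a plain SHA-256."""
    body = corrupt(blob)[:-TAG_LEN]
    return body + hashlib.sha256(body).digest()

# Constructed sample data: random bytes stand in for AES-CBC ciphertext.
CIPHERTEXT = os.urandom(64)
MAC_KEY = os.urandom(32)  # hypothetical: would be derived from the master key

def run_demo() -> dict:
    plain, keyed = seal_hash_only(CIPHERTEXT), seal_hmac(CIPHERTEXT, MAC_KEY)
    return {
        "hash_only/intact": accepts_hash_only(plain),
        "hash_only/corrupted": accepts_hash_only(corrupt(plain)),
        "hash_only/rewritten": accepts_hash_only(rewrite_without_key(plain)),
        "hmac/intact": accepts_hmac(keyed, MAC_KEY),
        "hmac/corrupted": accepts_hmac(corrupt(keyed), MAC_KEY),
        "hmac/rewritten": accepts_hmac(rewrite_without_key(keyed), MAC_KEY),
    }

if __name__ == "__main__":
    print("\n".join(f"{k:20} accepted={v}" for k, v in run_demo().items()))
```

Both containers reject the accidentally corrupted file, but only the keyed tag rejects the rewritten one, since a valid tag cannot be produced without the key.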

Unofficial KeePass derivatives

  • KeePassX, a multi-platform open source KeePass clone for Linux and OS X, built using version 4.8 of the Qt libraries.[27]
  • KeePassXC (KeePassX Reboot) is a cross-platform community-driven fork of KeePassX.[28]
  • kpcli, a command line interface to KeePass database files, written in Perl and with a familiar Unix shell-style user interface.[29]
  • KeePassC, a curses-based password manager compatible with KeePass v.1.x and KeePassX, written in Python 3.[30]
  • 7Pass or WinPass for Windows Phones, a port of KeePass for Windows Phone devices.[31]
  • KeePass for Blackberry, a Blackberry port of KeePass for RIM devices
  • KeePassMobile, KeePass port for mobile phones (Java ME)
  • KeePass for J2ME, a Java ME port of KeePass for mobile phones
  • iKeePass, a port of KeePass for iOS
  • MiniKeePass for iOS
  • MyKeePass for iPhone
  • KeePassDroid, a port of KeePass for Android[32]
  • KeePassDX for Android[33]
  • Keepass2Android, a port of KeePass 2.x for Android using Mono for Android[34]
  • KeepShare, an enhanced, read-only KeePass client for Android
  • KeePass for SmartDevices, a port of KeePass for Windows Mobile and PocketPC devices
  • KyPass, a port of KeePass for iOS and Mac OS X.[35][36]
  • KeePass for OS X, using Mono
  • PassDrop for iOS. Includes full read/write Dropbox support.[37]
  • KeePassB – native BlackBerry 10 app with read/write support[38]
  • KeePass for BlackBerry. Native port for BlackBerry 10 devices.[39]
  • MacPass, a free and open source native client for macOS[40][41]
  • ownKeepass for Sailfish OS[42]
  • KeeFox for Mozilla Firefox[43]
  • CKP for Chrome OS and Google Chrome[44]
  • Passafari, an extension for Safari[45]
  • KeeWeb, an open-source port using HTML/JS/CSS, runnable in a web browser as static file or in desktop apps[46]
  • KeePassium for iOS – an open-source freemium app, with automatic sync and AutoFill support[47]


References

  1. KeePass 2.43 available! on KeePass website
  2. "KeePass Setup". KeePass.
  3. "Download page". KeePass.
  4. "KeePass reader for Windows Phone".
  5. "KeePassDroid".
  6. "KeePass for Blackberry".
  7. "iOS application".
  8. Zukerman, Erez. "Tools for the paranoid: 5 free security tools to protect your data". PCWorld. Retrieved 2013-07-14.
  9. "KeePass Plugins".
  10. Rubenking, Neil. "KeePass Review & Ratings". PC Mag. Retrieved 2014-06-11.
  11. Chaikivsky, Andrew (2017-02-17). "Everything You Need to Know About Password Managers". Consumer Reports. Retrieved 2018-06-23.
  12. Bednarek, Adrian. "Password Managers: Under the Hood of Secrets Management". Retrieved 2019-03-24.
  13. Reichl, Dominik. "KeeFarce". Retrieved 2019-03-24.
  14. KeePass 2.x Plugins, KeePass.info, retrieved 2019-01-26
  15. Dominik Reichl. "KeePass Help Center". Retrieved 2012-12-28.
  16. "Pleasant Password Server". Retrieved 2014-05-29.
  17. Markton, Ben. "KeePass Password Safe Professional". CNET.com. Retrieved 2014-06-11.
  18. Dominik Reichl. "What happened to the paste-once functionality in 2.x? – KeePass Forums". Retrieved 2012-10-14.
  19. KeeForm (undated). Retrieved on 2014-06-24 from http://www.keeform.org.
  20. "Home". KeeFox. Retrieved 2014-06-24.
  21. Dominik Reichl. "Secure Edit Controls – KeePass". Retrieved 2009-11-14.
  22. Dominik Reichl (2005-04-17). "CSecureEditEx – A More Secure Edit Control". The Code Project. Archived from the original on 2006-02-17.
  23. Dominik Reichl. "Security – KeePass". Retrieved 2007-12-13.
  24. Dominik Reichl. "Composite Master Key – KeePass". Retrieved 2009-11-14.
  25. "KeePass – questionable security | Hacker News". news.ycombinator.com. Retrieved 2018-05-29.
  26. Reichl, Dominik. "News: KeePass 2.35 available!". keepass.info. Retrieved 2017-01-10.
  27. "KeePassX 2.0 has arrived". Geyer, Felix. Retrieved 2015-12-07.
  28. "KeePassXC Password Manager". keepassxc.org. Retrieved 26 January 2017.
  29. "kpcli – A command line interface for KeePass". Kpcli.sourceforge.net. Retrieved 2014-06-24.
  30. "raymontag/keepassc · GitHub". Github.com. Retrieved 2014-06-24.
  31. "7Pass Official Blog". wordpress.com. Retrieved 2015-02-14.
  32. "KeePassDroid – Android-apps op Google Play". Play.google.com. Retrieved 2016-02-26.
  33. "KeePassDX".
  34. "Keepass2Android Password Safe – Android-apps op Google Play". Play.google.com. Retrieved 2014-06-24.
  35. "KyPass on the App Store on iTunes". Itunes.apple.com. 2016-01-15. Retrieved 2016-01-15.
  36. "KyPass Companion on the Mac App Store on iTunes". Itunes.apple.com. 2016-01-15. Retrieved 2016-01-15.
  37. "PassDrop on the App Store on iTunes". itunes.apple.com. 2014-04-16. Retrieved 2016-02-26.
  38. "KeePassB Password Manager – BlackBerry World". appworld.blackberry.com. Retrieved 2015-04-13.
  39. "KeePass for BlackBerry – BlackBerry World". Appworld.blackberry.com. Retrieved 2014-06-24.
  40. "MacPass - A free, open-source, KeePass-compatible password manager for macOS". Retrieved 2018-11-09.
  41. "MacPass 0.7.3 free download for Mac". MacUpdate. 2018-01-24. Retrieved 2018-11-09.
  42. "jobe-m/ownkeepass · GitHub". Github.com. Retrieved 2015-09-25.
  43. "KeeFox by luckyrat". GitHub. Retrieved 2015-02-03.
  44. "CKP by perfectapi". GitHub. Retrieved 2015-06-19.
  45. "mmichaa/passafari.safariextension". GitHub. Retrieved 2016-01-13.
  46. "Free Password Manager Compatible with KeePass: KeeWeb". keeweb.info. Retrieved 2017-08-15.
  47. "KeePassium Password Manager for iOS". keepassium.com. Retrieved 2019-06-23.
