KeePass

from Wikipedia, the free encyclopedia
KeePass Password Safe

Basic data

Developer: Dominik Reichl
First published: November 13, 2003
Current version: 1.38 (January 13, 2020) and 2.45 (May 7, 2020)
Operating system: Microsoft Windows, Linux, macOS, Pocket PC, Android, iOS, BlackBerry, Java Platform, Micro Edition
Programming language: C++, C#
Category: Password management, personal information manager
License: GNU General Public License, version 2.0 or later
Available in German: Yes
Website: keepass.info

KeePass Password Safe is a free password management program available under the terms of the GNU General Public License (GPL). KeePass encrypts the entire database, which can also contain user names and the like.

KeePass is available in more than 40 languages, but not all language files are compatible with all KeePass versions. Language files other than the default English have to be downloaded separately.

Encryption

In the "Classic Edition" (1.x), KeePass encrypts the password database with either the AES algorithm or the Twofish algorithm. The "Professional Edition" (2.x) supports the AES algorithm and the ChaCha20 algorithm.

The KeePassXC spin-off supports AES and ChaCha20 as well as Twofish for encryption by default. KeePassXC also provides the AES-KDF and Argon2 methods for password hashing, which KeePass itself offers in the Professional Edition.

Master key

The database is secured by a master key, without which it cannot be decrypted. The main password ("Master Password") has to be entered manually, and a key file ("Key File") can be used in addition, stored for example on a mobile drive such as a USB stick or CD. When both are used at the same time, the manually entered password and the locally stored key file together form a common key. The key file increases the entropy of the key, so an attack on a database protected by a moderately secure password becomes considerably more difficult. If the password database is on a publicly accessible drive, passwords can be synchronized between computers; a possible attacker cannot do anything with the database without the key file, which is kept locally.

The general and, above all, essential problem with a key file in practice is that it can never be safely ruled out that an attacker has, unnoticed and at an opportune moment, made a copy of the key file kept locally on a CD or USB stick. In principle, it is not possible to reliably control where and in how many copies the key file exists. To solve this problem, extended versions such as KeePassXC also offer the option of logging in using a challenge-response procedure. The challenge-response procedure, which can be combined with a main password as a second factor, is based on the Keyed-Hash Message Authentication Code (HMAC) in combination with the Secure Hash Algorithm (SHA-1). The 20-byte secret HMAC-SHA1 key is programmed once onto a security token such as a YubiKey, which can only be written to during the initialization phase and cannot be read back. The token is connected to the computer through a USB port like a USB stick, and the procedure ensures that the secret master key cannot be read from the security token and therefore cannot be copied.
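The following added example (not code from KeePass or KeePassXC) illustrates the two preceding paragraphs: a master key built from several factors, and a token that answers a challenge with HMAC-SHA1 without ever releasing its 20-byte secret. The class and function names are hypothetical, the composite hashing is a simplification rather than the exact database key derivation, and the password-hashing (KDF) stage is left out.

```python
import hashlib
import hmac


class SimulatedToken:
    """Stand-in for a hardware token: the secret is written once at
    initialization and only HMAC responses ever leave the object."""

    def __init__(self, secret: bytes):
        if len(secret) != 20:
            raise ValueError("HMAC-SHA1 secret must be 20 bytes")
        self.__secret = secret

    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self.__secret, challenge, hashlib.sha1).digest()


def master_key(password: str, key_file: bytes = b"", response: bytes = b"") -> bytes:
    """Simplified composite key: hash every supplied factor, then hash the
    concatenation. Assumption: not the exact on-disk key derivation."""
    parts = [hashlib.sha256(password.encode("utf-8")).digest()]
    for factor in (key_file, response):
        if factor:
            parts.append(hashlib.sha256(factor).digest())
    return hashlib.sha256(b"".join(parts)).digest()


def unlock(password: str, token: SimulatedToken, challenge: bytes) -> bytes:
    """The challenge can be stored next to the database; the response cannot
    be recomputed without the token that holds the secret."""
    return master_key(password, response=token.respond(challenge))


# Constructed sample values, not taken from any real database or token.
CHALLENGE = bytes(range(32))
ENROLLED = SimulatedToken(bytes.fromhex("0b" * 20))
OTHER = SimulatedToken(bytes.fromhex("0c" * 20))

if __name__ == "__main__":
    print("enrolled token:", unlock("correct horse", ENROLLED, CHALLENGE).hex())
    print("other token   :", unlock("correct horse", OTHER, CHALLENGE).hex())
    print("password only :", master_key("correct horse").hex())
```

A copied key file reproduces the key-file factor exactly, whereas a copy of the database and its stored challenge does not yield the response factor.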

KeePass 2.x also supports a method under Windows to use a secret key of the current Windows user. The database can only be opened if the user is logged on with the correct Windows user account. A disadvantage of this method is that if the account is lost, it is not sufficient to create a new one with the same username and password, since the secret key of the account is protected with this data, but cannot be derived directly from it. When using it, it is therefore important to make a data backup of the Windows account key.

Functions

Transferring the passwords to other applications

KeePass offers several options for transferring passwords to target applications such as the browser.

  • Clipboard: Username and password are manually copied to the clipboard one after the other and can thus be pasted into the application. After a few seconds (can be changed by the user), KeePass deletes this value from the clipboard, after which it can no longer be accessed. The disadvantage here is that the clipboard can be read by running applications, including malware.
  • Auto-Type: It is far more convenient to let KeePass enter the data into the application automatically. With the global keyboard shortcut "Ctrl + Alt + A", login data are automatically inserted into text fields. The disadvantage here is that passwords can be spied out by keyloggers (this is also possible when entering them manually with the keyboard).
  • Version 2.x:
    • Two-channel auto-type obfuscation: The password is inserted into the respective application using a combination of clipboard and simulated key entry. This prevents spying by simple keyloggers, but modern versions of these spy programs can also read the clipboard and still get the data. The function must be activated separately in KeePass for each new entry.
    • Browser extensions with KeePass plug-in: KeeFox with the plug-in KeePassRPC, or PassIFox or ChromeIPass with the plug-in KeePassHttp, establish a connection between the browser and KeePass. (The plug-ins are not compatible with KeePass 1.x.) Newly created login data can also be saved in KeePass via plug-ins.

Password generator

The password generator can be used to create passwords of any length and type. On request, the generation is supported by user actions in order to guarantee randomness: data from mouse movements or keyboard input are taken into account.

Format templates

Currently (May 2013, Version 2.22) there is only one standard format template available in KeePass, which provides the single-line fields title, user name, password and URL as well as a multi-line field Notes for each entry (however, additional fields can be created). A plug-in is offered for creating your own format templates, but entries created with it are not fully compatible with mobile versions such as KeePassDroid, KeePass2Android or MiniKeePass.

Plug-ins

KeePass offers the possibility to expand the functions of the program with plug-ins. Among other things, plug-ins are available for expanding the import, export and automatic database backup.

Other supplementary modules in KeePass 2.x are, for example, a module for calculating one-time passwords, as used in two-factor authentication based on the time-based one-time password algorithm (TOTP). The secret key used to calculate the one-time password is stored as an additional attribute in the encrypted KeePass database. With extended versions such as KeePassXC, the option for TOTP is integrated as standard.

Other versions

There are different implementations of KeePass for different platforms. The databases used are usually compatible, i.e. the databases can be synchronized between the devices using suitable mechanisms (e.g. cloud storage).

  • KeePassX is a variant of KeePass for Windows, Linux, macOS and OS/2 based on Qt, which is no longer developed.
  • KeePassXC (KeePassX Reboot) is a cross-platform spin-off from KeePassX with additional features.
  • KeePassC is a curses-based variant for Linux in Python that is compatible with the KeePass-1 file format.
  • ownKeepass is a KeePass client for Sailfish OS.
  • MacPass is a KeePass client for macOS that uses the Cocoa API.
  • Strongbox is a password manager with an integration of KeePass and Password Safe for macOS and iOS.
  • KeePass DX is an Android implementation of the KeePass password manager.
  • KeePassDroid is a version for Android.
  • Keepass2Android is for Android with support for several file hosting options.
  • KyPass is a variant of MyKeePass for iPhone / iPad with support for Dropbox.
  • MiniKeePass is another implementation for iPhone / iPad.
  • KeePass Touch is an implementation for iPhone / iPad with Touch ID function, support for Dropbox, OneDrive and wireless synchronization via WLAN.
  • KeeWeb is an implementation in JavaScript.
  • 7Pass is a version for Windows Phone with support for Dropbox, OneDrive and WebDAV.
  • KeePassB is a KeePass client for BlackBerry (from operating system version 10).
  • KeePit is a KeePass client for Ubuntu Touch.
