Girish Mahajan (Editor)

KeePass

Updated on
Edit
Like
Comment
Share on FacebookTweet on TwitterShare on LinkedInShare on Reddit
Developer(s)
  
Dominik Reichl

Platform
  
Cross-platform

KeePass

Initial release
  
November 16, 2003; 13 years ago (2003-11-16)

Stable release
  
1.32 (January 2, 2017; 2 months ago (2017-01-02)) [±] 2.35 (January 9, 2017; 61 days ago (2017-01-09)) [±]

Written in
  
C# (2.x version), C++ (1.x version)

Operating system
  
BSD, Linux, Mac OS X, Windows

KeePass Password Safe is a free and open source password manager primarily for Microsoft Windows. It officially supports macOS and Linux operating systems through the use of Mono. Additionally, there are several unofficial ports for Windows Phone, Android, iOS, and BlackBerry devices. KeePass stores usernames, passwords, and other fields, including free-form notes and file attachments, in an encrypted file. This file can be protected by a master password, key file, and/or the current Windows account details. By default, the KeePass database is stored on local file system (as opposed to cloud storage).

Contents

KeePass supports a number of plugins. It has a password generator and synchronization function, supports two-factor authentication, and has a Secure Desktop mode. It can use a two-channel auto-type obfuscation feature to offer additional protection against keyloggers. KeePass can import from over 30 other most commonly used password managers.

Password management

Passwords stored by this application can be further divided into manageable groups. Each group can have an identifying icon. Groups can be further divided into subgroups in a tree-like organization.

Further, KeePass tracks the creation time, modification time, last access time, and expiration time of each password stored. Files can be attached and stored with a password record, or text notes can be entered with the password details. Each password record can also have an associated icon.

Import and export

The password list can be exported to various formats like TXT, HTML, XML and CSV. The XML output can be used in other applications and re-imported into KeePass using a plugin. The CSV output is compatible with many other password safes like the commercial closed-source Password Keeper and the closed-source Password Agent. Also, the CSVs can be imported by spreadsheet applications like Microsoft Excel or OpenOffice/LibreOffice Calc. Exports from these programs can be imported to KeePass databases. KeePass can parse and import TXT outputs of CodeWalletPro, a commercial closed-source password safe. It can import TXT files created by Bruce Schneier's Password Safe v2. File format support can be expanded through the use of KeePass plugins. The HTML output uses Cascading Style Sheets (CSS) to format the table, which makes it possible to change the layout.

Multi-user support

Keepass supports simultaneous access and simultaneous changes to a shared password file by multiple computers (often by using a shared network drive), however there is no provisioning of access per-group or per-entry. As of May 2014, there are no plugins available to add provisioned multi-user support, but there exists a proprietary password server (Pleasant Password Server) that is compatible with the KeePass client and includes provisioning.

Auto-type, global hot keys, drag and drop

Auto-type, global auto-type hot key combination and drag and drop support: KeePass can minimize itself and type the information of the currently selected entry into dialogs, webforms, etc. KeePass has a global auto-type hot key. When KeePass is running in the background (with opened database) and the user presses the hot key, it looks up the correct entry and executes its auto-type sequence. All fields, title, username, password, URL and notes can be drag-n-dropped into other windows.

Windows clipboard handling allows double-clicking on any field of the password list to copy its value to the Windows clipboard. KeePass can clear the clipboard automatically some time after the user has copied one of their passwords into it. KeePass features a protection against clipboard monitors (other applications won't get notifications that the clipboard content has been changed) and it has a paste-once functionality: allow only one paste operation, after pasting, the clipboard is cleared automatically by KeePass. The latter was removed in 2.x due to incompatibility and insufficient effectiveness.

Browser support

The auto-type functionality works with all windows, and consequently with all browsers. The KeeForm extension allows users to open websites with Internet Explorer and Mozilla Firefox and fill in user details automatically. For Internet Explorer, there's also a browser integration toolbar available.

For Firefox there's another extension called KeeFox which connects to KeePass when a user needs to access a password from it.

Built-in password generator

KeePass features a built-in password generator that generates random passwords. Random seeding can be done through user input (mouse movement and random keyboard input).

Plugins

KeePass has a plugin architecture. There are various plugins available on the KeePass homepage (import/export from/to various other formats, database backup, integration and automation, etc.). Note that plugins may compromise the security of KeePass, because they are written by independent authors and have full access to the KeePass database.

Runtime security

According to the utility's author, KeePass was one of the first password management utilities to use security-enhanced password edit controls, in this case one called CSecureEditEx. The author makes several claims regarding the security of the control and its resistance to password revealing utilities; however, the author does not cite or make any references to any third-party testing of the control to corroborate the claims of its security. The software can be tested, since the source code is freely available.

Passwords are protected in memory while KeePass is running. On Windows Vista and later versions, passwords are encrypted in process memory using Windows Data Protection API, which allows storing the key for memory protection in a secure, non-swappable memory area. On previous Windows systems, KeePass falls back to using the ARC4 cipher with a temporary, random session key.

Offline security

Access to the database is restricted by a master password or a key file. Both methods may be combined to create a "composite master key". If both methods are used, then both must be present to access the password database. KeePass version 2.x introduces a third option—dependency upon the current Windows user. KeePass encrypts the database with the AES or Twofish symmetric ciphers. AES is the default option, and Twofish is available in 1.x, but is not available in version 2.x. However, a separate plugin provides Twofish as an encryption algorithm. Beginning with version 2.35 ChaCha20 cipher is also available.

Unofficial KeePass releases

  • KeePassX, a multi-platform open source KeePass clone for Linux and OS X, built using version 4.8 of the Qt libraries. As of December 2015, databases created by KeePassX 2.0 are binary-compatible with databases created by KeePass 1.x and 2.x.
  • KeePassXC (KeePassX Reboot) is a cross-platform community-driven fork of KeePassX.
  • kpcli, a command line interface to KeePass database files, written in Perl and with a familiar Unix shell-style user interface.
  • KeePassC, a curses-based password manager compatible to KeePass v.1.x and KeePassX, written in python 3.
  • 7Pass or WinPass for Windows Phones, a port of KeePass for Windows Phone devices.
  • KeePass for Blackberry, a Blackberry port of KeePass for RIM devices
  • KeePassMobile, KeePass port for mobile phones (Java ME)
  • KeePass for J2ME, a Java ME port of KeePass for mobile phones
  • iKeePass, a port of KeePass for the iOS platform, compatible with KeePass 1.x and 2.x
  • MiniKeePass for iOS platform, compatible with KeePass 1.x and 2.x
  • MyKeePass for iPhone, compatible with KeePass 1.x and 2.x
  • KeePassDroid, a port of KeePass for the Android platform, compatible with .kdb (1.x) and .kdbx (2.x) files
  • Keepass2Android, a port of KeePass 2.x for the Android platform using Mono for Android
  • KeepShare, an enhanced, read-only KeePass client for the Android platform
  • KeePass for SmartDevices, a port of KeePass for Windows Mobile and PocketPC devices
  • KyPass, a port of KeePass for iOS platform and Mac OS X. iOS version has Dropbox, Google Drive and WebDAV support. All the versions have iCloud, full read/write and history support, compatible with KeePass 1.x & 2.x.
  • KeePass for OS X, using Mono
  • PassDrop for iOS platform. Includes full read/write Dropbox support, compatible with version 1.x
  • KeePassB - native BlackBerry 10 app with read/write support of versions 1.x and 2.x
  • KeePass for BlackBerry. Native port for BlackBerry 10 devices, compatible with version 1.x
  • MacPass, a free and open source native client for Mac OS X (still alpha)
  • ownKeepass for Sailfish OS, compatible with KeePass 1.x (read/write) and 2.x (read-only) file format
  • KeeFox for Mozilla Firefox
  • CKP for Chrome OS and Google Chrome
  • Passafari, an extension for Safari

    • References

    KeePass Wikipedia
    (Text) CC BY-SA