KeePassX is an independent implementation of the popular password manager that supports the KeePass (kdb) and KeePass2 (kdbx) database formats. Like the official KeePass application, KeePassX is open source but the main difference is that KeePass requires Microsoft’s .NET framework or the Mono runtime to be installed whereas KeePassX does not.
The feature list from their website shows that KeePassX offers:
- Extensive management
  - title for each entry for its better identification
  - possibility to determine different expiration dates
  - insertion of attachments
  - user-defined symbols for groups and entries
  - fast entry duplication
  - sorting entries in groups
- Search function
  - search either in specific groups or in complete database
- Autofill (experimental)
- Database security
  - access to the KeePassX database is granted either with a password, a key-file (e.g. a CD or a memory-stick) or even both.
- Automatic generation of secure passwords
  - extremely customizable password generator for fast and easy creation of secure passwords
- Precaution features
  - quality indicator for chosen passwords
  - hiding all passwords behind asterisks
  - either the Advanced Encryption Standard (AES) or the Twofish algorithm are used
  - encryption of the database in 256 bit sized increments
- Import and export of entries
  - import from PwManager (*.pwm) and KWallet (*.xml) files
  - export as textfile (*.txt)
- Operating system independent
  - KeePassX is cross platform, so are the databases, as well
- Free software
  - KeePassX is free software, published under the terms of the General Public License, so you are not only free to use it free of charge, but also to redistribute it, to examine and/or modify its source code and to publish your modifications as long as you provide the same freedoms for your modified version.
I’ve been a long time user of KeePass and figured I would check out KeePassX to see if there were any advantages to making the switch. Opening up my existing KeePass2 database was a breeze and even the ‘experimental’ autofill seemed to work just fine. I should also point out that, at least on Linux, KeePassX seems to be much quicker and definitely feels more native compared to the WinForms+Mono official version (I imagine the opposite is true while running on Windows).
The password generation tool for KeePassX is also very similar to the one in the official KeePass; however, they’ve opted for some defaults which could actually reduce the randomness, and thus security, of a password: exclude look-alike characters, ensure that the password contains characters from every group, etc.
The Password Generator in the official KeePass application
These defaults do make it a bit easier to read or transcribe the passwords should you ever need to and given a long enough password the impact on security should be minimal.
The Password Generator in KeePassX
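To put numbers on that trade-off, here is an added example (not code from KeePass, KeePassX or the original post) that computes the entropy of a uniformly random password with and without the two restrictions. The character groups and the look-alike set are assumptions chosen for illustration, not either program's actual defaults.

```python
import math
import string
from itertools import combinations

# Assumed character groups (illustrative, not taken from either program).
GROUPS = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digits": set(string.digits),
    "special": set("!@#$%^&*()-_=+[]{}"),
}
# Assumed look-alike characters (constructed for this example).
LOOKALIKES = set("O0Il1")


def entropy_bits(length, exclude_lookalikes=False, require_every_group=False):
    """Bits of entropy of a password drawn uniformly from the allowed set."""
    groups = [g - LOOKALIKES if exclude_lookalikes else set(g)
              for g in GROUPS.values()]
    sizes = [len(g) for g in groups]
    total = sum(sizes)
    if not require_every_group:
        return length * math.log2(total)
    # Inclusion-exclusion: start from all strings, then remove those that
    # miss one group, add back those that miss two, and so on.
    count = 0
    for k in range(len(sizes) + 1):
        for missing in combinations(sizes, k):
            count += (-1) ** k * (total - sum(missing)) ** length
    # count == 0 means the policy cannot be met at this length.
    return math.log2(count) if count > 0 else 0.0


def entropy_loss(length):
    """Bits lost at a given length when both restrictions are enabled."""
    return entropy_bits(length) - entropy_bits(length, True, True)


if __name__ == "__main__":
    for n in (8, 12, 20, 32):
        print(n, round(entropy_bits(n), 2), round(entropy_loss(n), 2))
```

With these assumed sets, excluding look-alikes costs a constant log2(80/75), roughly 0.09 bits, per character, while the every-group requirement costs fewer bits as the password gets longer.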
So what are my feelings on KeePassX overall? In my limited use it seems like an excellent alternative to the official KeePass application and one that may almost be preferred on non-Windows platforms. I think I’ll be making the switch to KeePassX for my Linux-based installs.
Update: after some slow progress a few developers decided to fork the KeePassX project over at KeePassX Reboot. We’ll have to see how things with this fork play out but I wanted to mention it here in case you decided that the fork was the better version for you.
If you’ve used KeePass on Windows you may be very attached to its auto-type feature, where with a single key-combo press the application will magically type your user name and password into the website or application you’re trying to use. This is super handy and something that is sadly missing by default on Linux. Thankfully it’s also very easy to make work on Linux.
1. Start by installing the xdotool package
On Debian/Ubuntu/etc simply run:
sudo apt-get install xdotool
2. Next find out where the keepass2 executable is installed on your system
The easiest way to do this is to run:
On my system this returns /usr/bin/keepass2. This file is actually not the program itself but a script that bootstraps the program. So to find out where the real executable is, run:
On my system this returns
exec /usr/bin/cli /usr/lib/keepass2/KeePass.exe "$@"
So the program itself is actually located at /usr/lib/keepass2/KeePass.exe.
3. Create a custom keyboard shortcut
The process for this will differ depending on which distribution you’re running but it’s usually under the Keyboard settings. For the command enter the following:
mono /usr/lib/keepass2/KeePass.exe --auto-type
Now whenever you key in your shortcut keyboard combo it will tell KeePass to auto-type your configured username/password/whatever you set up in KeePass. The only catch is that you must first open KeePass and unlock your database.
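Steps 2 and 3 as an added example (not part of the original post): it reads the wrapper script's text, pulls the real KeePass.exe path out of its exec line, and builds the shortcut command. It also checks that the file the hotkey will launch is not writable by group or other users. The function names are hypothetical, and the sample launcher text is constructed around the exec line quoted above.

```python
import os
import shlex
import stat

# Constructed sample of the wrapper script, built from the exec line in the post.
SAMPLE_LAUNCHER = '#!/bin/sh\nexec /usr/bin/cli /usr/lib/keepass2/KeePass.exe "$@"\n'


def real_executable(launcher_text):
    """Return the .exe path named on the wrapper's exec line, or None."""
    for line in launcher_text.splitlines():
        try:
            tokens = shlex.split(line, comments=True)
        except ValueError:
            # Unbalanced quotes: not a line this parser understands.
            continue
        if tokens[:1] == ["exec"]:
            for tok in tokens[1:]:
                if tok.lower().endswith(".exe"):
                    return tok
    return None


def writable_by_others(path):
    """True if group or other users can modify the file the hotkey runs."""
    return bool(os.stat(path).st_mode & (stat.S_IWGRP | stat.S_IWOTH))


def shortcut_command(launcher_text):
    """Build the command to enter for the custom keyboard shortcut."""
    exe = real_executable(launcher_text)
    if exe is None:
        raise ValueError("no exec line with a .exe target found")
    return "mono " + shlex.quote(exe) + " --auto-type"


if __name__ == "__main__":
    print(shortcut_command(SAMPLE_LAUNCHER))
```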
These days you really need a strong, unique password for almost everything you do online. To make matters even worse for the average user, security nuts will tell you that you actually need a different password for essentially every account you hold. Why? Consider the following scenario:
Little Timmy signs up for Facebook using his super secret password @wesomeS@auce3!. This password is so strong and good that even he can hardly remember it. Then he wants a Twitter account so he goes and signs up there using the same password. Some time passes and Timmy’s Twitter account is hacked. Using his associated e-mail address they try the same e-mail and password on Facebook (because it is a popular website that most people belong to) and lo and behold they have access. Little Timmy’s virtual life falls apart around him.
Think I’m being paranoid? Take a look at these examples and adjust your tin foil hat accordingly.
What to do?
So what can you do about it? Well, for one, don’t use the password above because now it is all over the internet. For two, use strong, unique passwords for each website you care about. What do I mean by that? Well, in the above example Timmy clearly cared about both Facebook and Twitter, so he should have used different passwords for each. That way, when his hypothetical Twitter account became hacked, the attackers couldn’t use the same password to gain access to his Facebook account. That said, it is always good to have a throwaway password or two to use on those one-off websites that you will either never visit again or don’t care if they get compromised. Third, either remember all of these unique passwords in your super genius conehead sized brain or use a password safe to make it easy on yourself.
A password safe is essentially a program that allows you to maintain a number of different passwords while only having to remember one. Essentially you enter a master password into the program and this acts as your key to unlock all of your other passwords. That way you (technically) only have to remember one password at a time (the master password) and you only have one password to change on a regular basis (although you should obviously refresh your other passwords every so often as well). A number of these programs exist (such as LastPass, etc.) but personally I prefer KeePass.
KeePass comes in two flavours: version 1.x (which is technically now legacy) and version 2.x (which is current). Beyond feature set the biggest difference is that version 2.x requires the .NET Framework (or Mono) and version 1.x doesn’t. For the purposes of this post I’ll be focusing on version 2.x.
KeePass has a number of great features that make it indispensable in my day-to-day computing life. While the full feature list is actually quite long I’ll just list the most useful or important ones here:
WHO IS PAYING YOU?
All of this praise may make it seem like I’m getting paid to write this article but that isn’t the case (not that I would turn the money down mind you *hint hint*…). KeePass is just one of those programs I use daily that does so many things right I can’t help but like it. So in conclusion give it, or a similar password store, a try and make your online presence more resilient to password hacking. Let me know which password safes you think are awesome.
This post originally appeared on my personal website here.
On my Windows machine, I use a free program called KeePass to manage all of my passwords. It creates an encrypted file that contains all of my passwords, and automatically pastes them into the correct dialog boxes when I hit ctrl-alt-a.
Since I’m attempting to emulate my normal work flow, one of my first goals with Debian was to get a password manager up and running, and to disable the password management tool that is present in Iceweasel (For those that don’t know, Iceweasel is Firefox, but it’s been re-branded and given a new set of icons so that it is a truly “free” program).
Luckily, with just a few minutes of looking around, I found the KeePassX project, a mature cross-platform clone of the KeePass project that even imports KeePass 1.x database files. Installation was simple, and once I exported a 1.x version of my KeePass database from my Windows machine, KeePassX opened it immediately.
It should be noted that GNOME ships with an application called Seahorse that provides a graphical front end to the underlying keyring management system. This application seems to have been designed primarily for remembering PGP keys and remote server passwords. It handles my wireless network passwords, but I can’t seem to figure out how to add website passwords to it, so KeePassX is my replacement solution.
Aside: To add another item to my to-do list, I’ve just noticed that GNOME has registered the Epiphany web browser as my default browser, so all system links launch in it instead of in Iceweasel. From what I’ve seen so far, it’s not that Epiphany is a bad browser, but more that I’m used to how Iceweasel works. Further, Epiphany appears to just be another re-branding. According to its webpage, it runs all the same plugins that Firefox can… So I guess my first question is, why bother?