Posts Tagged ‘keepass’

Trying out KeePassX

October 23rd, 2016 No comments

KeePassX is an independent implementation of the popular password manager that supports the KeePass (kdb) and KeePass2 (kdbx) database formats. Like the official KeePass application, KeePassX is open source but the main difference is that KeePass requires Microsoft’s .NET framework or the Mono runtime to be installed whereas KeePassX does not.

The feature list from their website shows that KeePassX offers:

  • Extensive management
    • title for each entry for its better identification
    • possibility to determine different expiration dates
    • insertion of attachments
    • user-defined symbols for groups and entries
    • fast entry dublication
    • sorting entries in groups
  • Search function
    • search either in specific groups or in complete database
  • Autofill (experimental)
  • Database security
    • access to the KeePassX database is granted either with a password, a key-file (e.g. a CD or a memory-stick) or even both.
  • Automatic generation of secure passwords
    • extremly customizable password generator for fast and easy creation of secure passwords
  • Precaution features
    • quality indicator for chosen passwords
    • hiding all passwords behind asterisks
  • Encryption
    • either the Advanced Encryption Standard (AES) or the Twofish algorithm are used
    • encryption of the database in 256 bit sized increments
  • Import and export of entries
    • import from PwManager (*.pwm) and KWallet (*.xml) files
    • export as textfile (*.txt)
  • Operating system independent
    • KeePassX is cross platform, so are the databases, as well
  • Free software
    • KeePassX is free software, published under the terms of the General Public License, so you are not only free to use it free of charge, but also to redistribute it, to examine and/or modify it’s source code and to publish your modifications as long as you provide the same freedoms for your modified version.

I’ve been a long time user of KeePass and figured I would check out KeePassX to see if there were any advantages to making the switch. Opening up my existing KeePass2 database was a breeze and even the ‘experimental’ autofill seemed to work just fine. I should also point out that, at least on Linux, KeePassX seems to be much quicker and definitely feels more native compared to the WinForms+Mono official version (I imagine the opposite is true while running on Windows).

The password generation tool for KeePassX is also very similar to the one in the official KeePass however they’ve opted for some defaults which could actually reduce the randomness, and thus security, of a password: exclude look-alike characters, ensure that the password contains characters from every group, etc.

The Password Generator in the official KeePass application

The Password Generator in the official KeePass application

These defaults do make it a bit easier to read or transcribe the passwords should you ever need to and given a long enough password the impact on security should be minimal.

The Password Generator in KeePassX

The Password Generator in KeePassX

So what are my feelings on KeePassX overall? In my limited use it seems like an excellent alternative to the official KeePass application and one that may almost be preferred on non-Windows platforms. I think I’ll be making the switch to KeePassX for my Linux-based installs.

Update: after some slow progress a few developers decided to fork the KeePassX project over at KeePassX Reboot. We’ll have to see how things with this fork play out but I wanted to mention it here in case you decided that the fork was the better version for you.

I am currently running a variety of distributions, primarily Linux Mint 18.
Previously I was running KDE 4.3.3 on top of Fedora 11 (for the first experiment) and KDE 4.6.5 on top of Gentoo (for the second experiment).
Feel free to visit me at my personal website here.

Set up KeePass Auto-Type on Linux

June 8th, 2014 3 comments

If you’ve used KeePass on Windows you may be very attached to its auto-type feature, where with a single key-combo press the application with magically type your user name and password into the website or application you’re trying to use. This is super handy and something that is sadly missing by default on Linux. Thankfully its also very easy to make work on Linux.

1. Start by installing the xdotool package

On Debian/Ubuntu/etc simply run:

sudo apt-get install xdotool

2. Next find out where the keepass2 executable is installed on your system

The easiest way to do this is to run:

which keepass2

On my system this returns /usr/bin/keepass2. This file is actually not the program itself but a script that bootstraps the program. So to find out where the real executable run:

cat /usr/bin/keepass2

On my system this returns

exec /usr/bin/cli /usr/lib/keepass2/KeePass.exe "$@"

So the program itself is actually located at /usr/lib/keepass2/KeePass.exe.

3. Create a custom keyboard shortcut


The process for this will differ depending on which distribution you’re running but it’s usually under the Keyboard settings. For the command enter the following:

mono /usr/lib/keepass2/KeePass.exe --auto-type

Now whenever you key in your shortcut keyboard combo it will tell KeePass to auto-type your configured username/password/whatever you setup in KeePass. The only catch is that you must first open KeePass and unlock your database.

I am currently running a variety of distributions, primarily Linux Mint 18.
Previously I was running KDE 4.3.3 on top of Fedora 11 (for the first experiment) and KDE 4.6.5 on top of Gentoo (for the second experiment).
Feel free to visit me at my personal website here.
Categories: Linux, Tyler B Tags:

KeePass: The Cross-platform Password Safe

December 20th, 2012 1 comment

These days you really need a strong, unique password for almost everything you do online. To make matters even worse for the average user, security nuts will tell you that you actually need a different password for essentially every account you hold. Why? Consider the following scenario:

Little Timmy signs up for Facebook using his super secret password @wesomeS@auce3!. This password is so strong and good that even he can hardly remember it. Then he wants a Twitter account so he goes and signs up there using the same password. Some time passes and Timmy’s Twitter account is hacked. Using his associated e-mail address they try the same e-mail and password on Facebook (because it is a popular website that most people belong to) and lo and behold they have access. Little Timmy’s virtual life falls apart around him.

Think I’m being paranoid? Take a look at these examples and adjust your tin foil hat accordingly.

What to do?

So what can you do about it? Well for one don’t use the password above because now it is all over the internet. For two use strong unique passwords for each website you care about. What do I mean by that? Well in the above example Timmy clearly cared about both Facebook and Twitter so he should have used different passwords for each. That way when his hypothetical Twitter account became hacked the attackers couldn’t use the same password to gain access to his Facebook account. That said it is always good to have a throw away password or two to use on those one-off websites that you will either never visit again or don’t care if they get compromised. Third either remember all of these unique passwords in your super genius conehead sized brain or use a password safe to make it easy on yourself.

Password Safes

A password safe is essentially a program that allows you to maintain a number of different passwords while only having to remember one. Essentially you enter a master password into the program and this acts as your key to unlock all of your others passwords. That way you (technically) only have to remember one password at a time (the master password) and you only have one password to change on a regular basis (although you should obviously refresh your other passwords every so often as well). A number of these programs exists (such as LastPass, etc.) but personally I prefer KeePass.


KeePass comes in two flavours: version 1.x (which is technically now legacy) and version 2.x (which is current). Beyond feature set the biggest difference is that version 2.x requires the .NET Framework (or Mono) and version 1.x doesn’t. For the purposes of this post I’ll be focusing on version 2.x.

KeePass has a number of great features that make it indispensable in my day-to-day computing life. While the full feature list is actually quite long I’ll just list the most useful or important ones here:

  • Open source which means that the source code has been looked at and checked over for any sort of backdoor or other nonsense that a potentially evil author would code into it. This is very important when you’re considering placing all of your password eggs in one proverbial basket.
  • When you create a new password entry you can store any sort of arbitrary information along with it:

    New Password Entry

    New Password Entry

  • All of your passwords are stored completely encrypted including all comments, website URLs and user names. This is incredibly convenient because it allows you to safely do things like create an entry containing you credit card information. Never again will you have to hunt down your wallet to make that spur of the moment online purchase!
  • It is portable – you can run it straight off of a USB stick, no installation required!
  • Rule based, strong password generator. Having a long, strong, password is very important but remembering one is very hard. Instead why not have KeePass generate a per-website, completely random, strong password for you? Using a website that for some reason doesn’t like special characters or only allows up to a 12 character password? No problem just change the rule set you use when you generate that particular password.
    Password Generator

    Password Generator

    Here are some examples of random passwords I just generated now:

    Lots of random passwords!

    Lots of random passwords!

  • Cross-platform – KeePass has implementations on almost every platform. Version 1.x runs on Windows, Mac and Linux (via KeePassX). Version 2.x runs on Windows, Mac and Linux (using Microsoft’s .NET or the open source Mono). There are even versions of it for Android, iPhone and others.
  • Auto-type – this is by far the best feature. Even if you, for some reason, didn’t want to use any other feature that KeePass has to offer, its Auto-type functionality alone is worth the install. Essentially you tell KeePass what window to look for (for instance Firefox browsing my bank’s website) and how it should type things for you (usually user name, tab, password, enter). Then you set up some key combination you want to use (like Ctrl + Alt + A) and KeePass does all of the typing for you. Now when I want to enter one of those crazy strong and super random passwords I don’t have to type it out or even copy and paste. I simply click my mouse in the user name field and press Ctrl + Alt + A. The genius of this is that it can work for all accounts on your computer not just website ones – for instance I use it at work to keep track of my passwords for our internal programs.


All of this praise may make it seem like I’m getting paid to write this article but that isn’t the case (not that I would turn the money down mind you *hint hint*…). KeePass is just one of those programs I use daily that does so many things right I can’t help but like it. So in conclusion give it, or a similar password store, a try and make your online presence more resilient to password hacking. Let me know which password safes you think are awesome.

This post originally appeared on my personal website here.

I am currently running a variety of distributions, primarily Linux Mint 18.
Previously I was running KDE 4.3.3 on top of Fedora 11 (for the first experiment) and KDE 4.6.5 on top of Gentoo (for the second experiment).
Feel free to visit me at my personal website here.

The Need for a Password Manager

September 2nd, 2009 1 comment

On my Windows machine, I use a free program called KeePass to manage all of my passwords. It creates an encrypted file that contains all of my passwords, and automatically pastes them into the correct dialog boxes when I hit ctrl-alt-a.

Since I’m attempting to emulate my normal work flow, one of my first goals with Debian was to get a password manager up and running, and to disable the password management tool that is present in Iceweasel (For those that don’t know, Iceweasel is Firefox, but it’s been re-branded and given a new set of icons so that it is a truly “free” program).

Luckily, with just a few minutes of looking around, I found the KeePassX project, a mature cross-platform clone of the KeePass project that even imports KeePass 1.x database files. Installation was simple, and once I exported a 1.x version of my KeePass database from my Windows machine, KeePassX opened it immediately.

It should be noted that GNOME ships with an application called Seahorse that provides a graphical front end to the underlying keyring management system. This application seems to have been designed primarily for remembering PGP keys and remote server passwords. It handles my wireless network passwords, but I can’t seem to figure out how to add website passwords to it, so KeePassX is my replacement solution.

Aside: To add another item to my to-do list, I’ve just noticed that GNOME has registered the Epiphany web browser as my default browser, so all system links launch in it instead of in Iceweasel. From what I’ve seen so far, it’s not that Ephiphany is a bad browser, but more that I’m used to how Iceweasel works. Further, Epiphany appears to just be another re-branding. According to it’s webpage, it runs all the same plugins that Firefox can… So I guess my first question is, why bother?