Recommended Clients

Master Passwords and Key-disks

KeePass Password Safe
I also disagree with the design choice of taking the names of the objects on the keyring as a command line argument: How are you generating a kdbx file that has the record where they think it is? Maybe ping the EFF? I'm not a cryptographer but needed a couple features that the other password managers dont have, and would be too difficult to patch, so I wrote my own. My vote of 5 Ronald Hoek 5-Jun

Welcome to Reddit,


I used minikeepass on my iphone so far and everything work smoothly, but would be great to access to my kdbx folder just with the touchID, without everytime type my password that is quite long. Use of this site constitutes acceptance of our User Agreement and Privacy Policy. Log in or sign up in seconds. Submit a new link. Submit a new text post. Welcome to Reddit, the front page of the internet. Become a Redditor and subscribe to one of thousands of communities.

It seems MiniKeepPass is the least problematic - what are you using? Want to add to the discussion? Android is much better off in this case. I've never used that section in Keepass, so I never noticed until now. You can certainly make a kdbx file that KeePass will open, but it is impossible to make one that will fool the user without more than enough information to just compromise the database. I have a private server in a datacenter that I put together myself.

What is the attack vector there? You die and the Executor of your Estate tries to access the Lawyer's website, only to be met with "invalid password". It turns out that the kdbx on your private server got silently corrupted ex. However, your Dropbox backups only have 30 days of previous kdbx versions.

Can your Executor handle the disappointment? I believe this issue is grave enough. With fail2ban in place, and it's on a random port. TheDong on June 17, That answer does not inspire confidence.

Get a real firewall 2 Fail2ban is not a real firewall 3 Keys only, no passwords. Tomte on June 16, It's literally the textbook example of a timing sidechannel. Though I won't speculate if it's a real problem here, since I have no idea what data is being compared.

I must admit, I can't immediately see the problem with leaking timing data. The client that decrypts the password database runs on your local computer, and typically places clear-text-passwords into the clipboard during normal use.

So if your local computer is compromised you have way bigger problems than timing attacks. Guvante on June 17, It does have a mode that allows you to avoid clipboard sniffers if the program you are targeting supports it.

However most attack vectors on the local machine can usually get a hold of both keyboard and clipboard data making it impossible to prevent sniffing, but that does assume a sophisticated sniffer. UnoriginalGuy on June 17, The vast majority of modern malware no longer monitors either the clipboard OR keyboard. It hooks right into the browser or sometimes network stack. So when you submit a form the malware records what was in the form and just as important where that form was submitted to i.

Without context the where the information the what is near worthless. Aside from toy malware nobody actually logs keys anymore, the term "keylogger" is just a word, it isn't literal. I have looked at the leaked source of commercial in the black market malware. A core part of this malware is automation for resale, nobody is going to read through hundreds of pages of someone's clipboard and keystrokes to figure out what page they're on, and it is by far a more difficult route than just breaking into the browser, hooking Win32 functions, or hooking into the network stack before encryption occurs.

Do you care about that kind of side channel for an offline vault? If your adversaries are on your box while you operate your vault, then you have already lost because they will also have keyloggers, strace, etc. Nogwater on June 16, What if they hack your dropbox account and get a copy of the vault that way?

They're not on your box, but now they can try to break into your vault. Well, the decryption code is open source. And they have the ciphertext. So what does a timing attack give the attacker?

If keeppass removes the possible timing attack, the attacker could just add it back in and use their own client, if they have a copy of your database. Then a timing side channel is not relevant, because they won't be watching you operate the vault.

The problem is that it's usually not true that you can have confidentiality without integrity, because of chosen ciphertext attacks. Confidentiality isn't your only concern. You should also be worried about integrity and availability. Unfortunately, [KDBX4] introduces new vulnerabilities.

As such, is it susceptible to modifications This modification is not detectable by the password manager This attack highlights a remarkable design flaw. Such corruption is unlikely to be immediately detected by users, who may subsequently add new entries. Over time, the database will be composed of both correct and corrupted entries, making it difficult to reconstruct the damaged records from a backup.

Which reminds me - I need to migrate back to Password Safe as soon as possible. Confidentiality is my only concern in the case of malicious modification. Remember, that availability and integrity of your database can be broken without an attacker, just due to hardware problem, for example. So it is up to you to have a cold backup for such a critical asset.

May I emphasize this sentence? I don't know enough about cryptography to be able to say whether it's possible to break a particular cryptographic protocol by blindly altering the ciphertext, but I do know plenty about human nature and backups. My own personal backup retention limit is on the order of 30 days, and that's with careful planning. Silent, on-going data corruption happening to a password database seems like a very reasonable thing to concern oneself with, especially if one's expectation was that the password manager would throw some kind of data integrity error whenever said database was accessed.

How will you do that? It looks tricky to say the least: It looks like you can clear out all the comments and other stuff in the db and export to Keepass v1 CSV and you should be able to import from that.

Hey, thanks a ton for the clue! This isn't true anymore. I haven't checked other implementations. I broke into your e-mail and need to get you to force a password reset on some other account, so I maliciously modify to give you an invalid stored password. If the attacker already has control of the email address, they can reset the account without going to such lengths--just visit the site and request a password reset.

Could you please provide more details on suggested attack? KeePass from version 1. TimWolla on June 16, Apparently someone reported this thread to the author. You might want to follow the SourceForge issue: Much like 4th page retractions on stories in newspapers, headlines will always win out in terms of the influence on the readers. That said, the author of KeePass responded to all the discussions here over on the project forum at SourceForge.

Since a lot of people aren't willing to even visit SF anymore, his notable responses were: The header validation was fixed as of 2. He has fixed this anyhow as the performance impact was minimal as of 2. They have no concerns about SF doing anything to their project.

It would be nice if someone like CodesInChaos ie. NET expertise were to casually audit the KeePass 2. It would be nice to create a kdbx 3. Additional evidence of inadequate. Clearly, the "process memory compromise" threat vector is taken very seriously by the authors. Here's a KeePass function that generates a key: Does anyone see what the problem is?

NET works - except that. NET doesn't work the way they think it works. The generation of the Master Key: Note that "pbNewKey" can be sitting in memory forever.

KeePass memory protection is completely ineffective I only speak for. Would be interesting to compare the. NET implementation to the "legacy" c version, Keepass 1. Thanks for your remarks on KeePass; I have at times been a heavy user. I've often wondered about its security especially the security of its ports but I don't have the expertise to evaluate it myself.

I'm not aware of any audits or systematic analyses as it hasn't received the attention that mobile password managers have. The truly paranoid keep their KeePass database in an encrypted volume used solely for that purpose. Answering on whether somebody did an audit for KeePass http: The author is commenting on this thread here: The issues raised in the thread are documented on his webpage here: For anyone who has wanted to switch to KeePassX to avoid mono dependencies, for instance , but needed the integration with keepasshttp, this project is active: I may not actually switch, as the Pass project some others have posted here looks very good as a cross-platform solution e.

I love KeepassX, but the time it takes to add features and make releases is disencouraging. I don't like that I have to use a fork for months or years because the author is to proud to let in other main contributors this concerns open source in general, but KeepassX is a great example for this.

This stuck out to me: One of my side projects is a keyring manager; similarly, it feeds the data through GPG.

However, the keyring is one file i. I also disagree with the design choice of taking the names of the objects on the keyring as a command line argument: This is the same argument, really; if you consider the name of the object on the keyring to be sensitive, then you don't want it as a filename it's not encrypted or as an arg it's in a history file… not encrypted. It may not be as polished as some of the other options out there, but it is what I use.

I am mostly happy with it. I just wish there was a built in way to encrypt the folder structure to hide what sites I have credentials for. I've just been too lazy to encrypt the directory myself. Running a separate vm is an interesting idea that I had not thought of. If you have this vm running an FDE install then it would make it also super easy to backup all your passwords, just shutdown the vm and copy the vdi, would only be a few gigs don't need too much software in this install, just the base system, gpg and whatever ncurses daemon to listen for password requests.

You'll need block-level encryption such as LUKS and a loopback mount if you want to keep that hidden, at least when that partition isn't mounted. Uses well-audited GPG, high level crypto functions which makes it difficult for the developer to get the crypto wrong.

Well it sounds like you just did a security audit of KeePass, albeit an incomplete and cursory one. But as a small open-source project, that's probably better than they have now.

Have you considered submitting this analysis to the KeePass team? Or even better, analysis plus suggested code to fix the problems? As a user of KeePass this would be in your interest. And as a user of KeePass myself, it is in my interest to encourage experts to help that project out. Globz on June 16, I have been a KeePass user for many years and I always used this in conjunction with a TrueCrypt container meaning that I keep my kdbx file inside the container.

Yes TrueCrypt isn't "safe" but at this point it will take one highly motivated attacker to steal my "important" passwords. Sadly I am not aware of any audits related to KeePass but I would be happy to read one! Why do you say TrueCrypt isn't safe? I only skimmed the audit, but it seemed to have an overall positive impression, no?

Using TrueCrypt is not secure as it may contain unfixed security issues If I recall the audit was positive but who knows why this message was plastered everywhere when "they" decided to call it quits.

Because "they" are no longer updating it and at some point there will be security issues that will go unfixed. Same thing with Windows XP. It didn't immediately fall apart when support ended, but we were pushing so hard for it to go away because it would never see another security update.

It's just really, really bad practice to use something that will never be updated, especially a security product. Windows XP was not audited, and it's been full of bugs since day one, with new vulnerabilities every month, year after year. And it has a huge attack surface. That's hardly comparable to TrueCrypt. TrueCrypt WAS audited and yes there is a risk of some serious vulnerability being found in the future, but at least we know there's none known for now not publicly, at least.

That same risk, that some serious vulnerability could be found in the future, also affects all other existing encryption products, since none have been formally demonstrated to be secure. If I can migrate today to a different product, then I can just prepare to migrate in the future but stay with TrueCrypt until such vulnerability is found, if it ever is. There is, after all, the possibility that none will be found, and it's more likely that none will be found in TrueCrypt than it is in other non-audited products.

Why should I switch now? And why would it be better today to use a product that has not been audited so far but is supposedly still being supported, instead of using one that HAS been audited even if it has been abandoned? Furthermore, currently supported products could be abandoned tomorrow too, or worse: I acknowledge that your argument has some well known heavyweights backing it. Bruce Schneier mentioned this risk about TrueCrypt recently, and then he went to recommend some closed-source solution based on its creator's good vibes.

Tom Ptacek also resorted to this newfangled "vibe" method in one of his comments in this very thread. I fail to see the point in all this. Maybe I'm missing something, but I find such reasonings specious. I never said "don't use TrueCrypt". I'm just explaining why they posted that message. They said "this product will likely have unpatched vulnerabilities in the future" because it will likely have unpatched vulnerabilities in the future. It's unsupported, and using unsupported security software is really bad practice.

Use TrueCrypt, it's probably pretty secure still. A year from now, I might not be able to say the same thing. Two years from now will be even worse. It will get harder and harder to keep recommending it as time goes on and it hasn't been updated.

But if anyone is wondering why they posted that message, it's not cryptic. Eventually there will be a vulnerability, and it will not be patched. Repeating a flawed argument does not make it more logical. See my comment above, repeat as necessary. What do you mean a flawed argument?

I'm not arguing anything. I'm explaining why they posted that message. If you want it to be easier to understand, imagine they said "It might not be anymore". They literally never need to update that text. It's either still or it is not anymore. TrueCrypt is either still secure or it is not secure anymore. Either way, the statement "TrueCrypt may not be secure anymore" will always be valid. If you think TrueCrypt will remain secure forever just because it's been verified as secure in the past, remember that there was a time when computers could not crack a MD5 code.

When SHA-1 was considered secure. I'm not arguing anything, just pointing out the obvious. Secure software today does not mean secure software tomorrow, especially if the software is not getting regular security updates. There is objectively no flaw in that statement.

I just couldn't bring myself to use close source drive encryption software. Because it's the responsible thing to do. If you are going to stop development, that means outstanding issues will not be fixed. Using TrueCrypt is not secure as it may contain unfixed security issues That did really look the like maintainers flipping the table over and walking away. TrueCrypt and most other disk encryption software suffer from the same problem mentioned by the OP: I wrote a transparent encryption filesystem https: Nothing about KeePass, but recently I was wondering if I could write a software for deriving the keys from the master secret and seed i.

Here is what I have came with: Please let me know if you have any questions! I've been working on a password manager for a while now. It's been a learning experience in practically every way. I'm not a cryptographer but needed a couple features that the other password managers dont have, and would be too difficult to patch, so I wrote my own. KeePass is really good and user friendly, but like I said, is missing some things I need. It's hosted on sourceforge which I don't plan on changing since they seem to have wisened up.

If you want to try it out or help with development the project page is at http: Aloha on June 16, This is why for work at least, I've kept to a spreadsheet on my workstation, the workstation uses full disk encryption, so I feel this is reasonably secure.

It's better than nothing and likely better than something without source. Guillaume86 on June 16, I didn't check but I assume they use SecureString. Basically, when an object goes out of scope, it isn't de-allocated instantly. Immutable strings aren't standard; they're an implementation choice.

I suppose that using a random Android Keypass app is just asking for trouble. Open source, open standard, generative password manager with "two-factor" security using both a passphrase and a private key file: I like to store other things too in password files like credit card numbers, notes ,etc. INTPenis on June 17, Keepass was never meant for corporate use, that much I am positive about.

So personally I use gpg through the pass 1 script. However, for corporate use I must recommend siptrack, a Django-based webbapp, with a xmlrpc api, that tries not so much to replace keepass but rather racktables and keepass. So it's much more than password management but it uses pycrypto and doesn't try to re-invent encryption. Future plans have it moving to pynacl too.

If you are such a great expert. NET programmer what sees others errors, stop complaining and help him. You have his git and you can pull request. Itsameee on June 16, From my point of view, an authenticator e.

HMAC is only necessary in case of a protocol-based transmission. An authentication between the main memory and the CPU is obviously not required.

As noted by other commenters, it's not threadsafe in that two different threads might initialize the class at the same time. However, I don't see that anyone bothered to ask "So what? One will live for the life of the AppDomain.

The other will get used briefly, then thrown away. It's a little messy, but will it cause any actual problems? It's not holding any important state that must not be lost, and it's not holding on to any resources that might be leaked. The worst case is just that you initialize two RNGs instead of one, so you might get slightly different random numbers than you would otherwise get. The thief would have access to your e-mail account, website, etc. KeePass is a free open source password manager, which helps you to manage your passwords in a secure way.

You can put all your passwords in one database, which is locked with one master key or a key file. So you only have to remember one single master password or select the key file to unlock the whole database. The databases are encrypted using the best and most secure encryption algorithms currently known AES and Twofish.

For more information, see the features page.

Want to add to the discussion?

Leave a Reply

Download KeePass for free. A lightweight and easy-to-use password manager. KeePass Password Safe is a free, open source, lightweight, and easy-to-use password manager for Windows, Linux and Mac OS X, with ports for /5(). Source code packages, containing everything you need to build your own gas-bg.ga and plugins (source code, resources, build scripts. Sep 11,  · Hi Dominik - Thanks for the reply. I was assuming Keepass was an open source project - guess not. Really wish you would consider it. I looked into the command line option previously, but is pretty limiting because it only works the first time you launch Keepass.