KeePassXC 2.4.3 (opens in new tab)

KeePass is the original project. It is an open source dotnet application. The source code, as of the last time I checked, is released as a tar/zip with the binaries only.

KeePassX is an open source c++ application. It was one of the cross platform applications to manage KeePass databases. It has not been under very active development for a while.

KeePassXC is a fork of KeePassX which is under active developement. They have added many features and improvements and has stayed up to date with kdbx updates.

The difference is the UI. They all use the same* database format underneath.

Thr original Keepass was at first a Windows only app, so KeepassX was created as a cross platform reimplementation using Qt. Nowadays Keepass uses .Net and also is cross platform but Linux users prefer Qt because it feels more "native" than .Net.

KeepassXC is a more recent fork of KeepassX, which added a bunch of extra features. Notably, it added support for version 4 of the keepass database format, and it also allows you to use a browser extension to enter passwords inside web browser forms without needing to cut and paste.

Explained in detail here:

https://superuser.com/a/879013

I'm a LastPass user trying to switch to KeePassXC. I tried it once on my computer but couldn't find a way to create folder inside a folder inside a folder and so on. I like organizing everything so this is the only thing holding me from switching to KeePass. BTW is it possible to do that in KeePass? I haven't explored it a lot.

It is, but the 2.4 release introduced integrated updates. I was still on 2.3 and wasn't aware of this, or that my KeePass was out of date until I saw this this morning. So I am thankful for the heads up. :)

(Full disclosure: I contribute to KeePassXC)

In fact, KeePassXC has shown to have better memory protection than KeePass: https://keepassxc.org/blog/2019-02-21-memory-security/ (note the article is from February, some things have changed since then, see below). The only thing we do not have at the moment is in-memory encryption. We do, however implement the following security measures on all platforms:

- prevent swapping of master key hashes (using gcry_malloc_secure)

- prevent non-root / admin access to our process memory (KeePass does NOT have this)

- overwrite all dynamically allocated memory with zeros on free

- disable any kind of coredump or crash reporting

A patch for in-memory encryption is being worked on, but needs further testing before it can be merged: https://github.com/keepassxreboot/keepassxc/pull/3055

Please note that this still cannot fully prevent swapping out of secrets. As soon as things are to be displayed somewhere in the GUI, they are basically out of our hands. We also cannot fully protect everything while the database is being loaded or written. However, the same applies to KeePass. There is just too much going on with memory management on modern operating systems.

I thought that it did now. For example this PR: https://github.com/keepassxreboot/keepassxc/pull/3020

Edit: Also, see this PR: https://github.com/keepassxreboot/keepassxc/pull/371

Can elaborate more on the practical benefits of encrypted memory? Presumably this is mainly good for multi-user systems? On the average single-user system it seems that if you can already read memory there are 1000 other possible exploits that are cheaper / easier to perform (ie. keylog, screen capture, etc).

What troubles? I recently started to use it, and so far I did not encounter any troubles. For me the killer feature of KeePass is that it allows me to safely use it without typing master password using -pw-enc command line argument. I hated to type my password every day over and over again with 1Password. Especially because I understand that it's very weak protection if someone already break in my computer.

There are a couple of recent posts / discussions on HN regarding the topic: https://hn.algolia.com/?query=password%20manager&sort=byPopu...

I switched from Lastpass to Bitwarden about a year ago as well. I have no complaints except for a few minor UX annoyances in the firefox add-on.

https://github.com/MiniKeePass/MiniKeePass it's very basic but it works. if you keep the kdbx file in cloud storage, you can use iOS "open with" to open in MiniKeePass.

Strongbox is the best one right now. It supports KDBX 4, while older minikeepass doesn't.

I use KyPass on iOS and I am happy with it. I think it is 6$ on the app store.

I am able to sort by latest modification date (not sure if thats what you meant).

For me the biggest difference is that you have a single encrypted database file, and that no metadata is stored unencrypted. By default, pass uses file names as keys, so website names are stored in the clear. (To fix this on pass.you need to use pass-tomb, which I found very clunky, and could never get working quite right)

Another thing I like about keepassxc is that it has lots of features. It comes with a flexible passwird generator, has a friendly GUI UI, can be integrated to the web browser using an extension, and there are compatible android apps you can use on your phone.

I am a pass user and for me the big drawback is that is exposes the website names by design.

Yes, you can store the database file in a shared drive (not sure that's proper security though)

I setup two-way sync of the database with my android phone using syncthing - works flawlessly.