KeePassXC 2.5 (opens in new tab)

(keepassxc.org)

96 pointsphoerious6y ago44 comments

44 comments

Anyone here have opinions on or pointers to the KeePassXC team's rep, creds or track record? I've been using KeePassX partly because Tavis Ormandy said it "looked sane" in a tweet once. How careful is the XC team when adding features?

mehrdadn6y ago

What kinds of issues are you expecting? Short of actively writing malicious code, I feel like it's hard to get things terribly wrong in an offline password manager when adding a new feature? There are various mitigations you can put in against some potential attacks, but they're generally secondary lines of defense that require other breaches to occur first.

ta09876y ago

I don't know, that's why I'm asking the question.

I've seen enough security bugs that I don't want to trust the gut feelings of a non-expert, such as myself. One example I can think of is another password manager that used random numbers incorrectly putting a bias in the random passwords it was generating.

1 more reply

breadandcrumbel6y ago

I was only familiar with Keepass. What are the differences between all the different products? KeypassXC, KeepassX and Keepass?

AdamGibbins6y ago

Keepass uses .NET, so is dependant on the mono framework etc on non-Windows.

KeepassX is no longer maintained.

KeepassXC is maintained and more featured, it's also not dependant on .NET.

tunesmith6y ago

For mac users, there's also MacPass (https://macpassapp.org), which is Keepass compatible.

1 more reply

apta6y ago

Wouldn't this sort of software be better written in a safe language like C# as opposed to C++?

3 more replies

kijiki6y ago

Keypass is written in C#, so requires a .NET runtime.

KeypassX is a rewrite in C++, using QT. KeypassXC is a fork of KeypassX, as KeypassX was felt to be unmaintained.

JohnTHaller6y ago

> KeypassX was felt to be unmaintained

KeypassX was abandoned 3 years ago

1 more reply

mikece6y ago

The “backup to paper” option is intriguing and I thought at first this would be as a series of QR codes instead of plain text. Will definitely be looking into the CLI options as well.

AdamGibbins6y ago

It's just a HTML export, nothing particularly special.

jumelles6y ago

What sort of CLI interface does XC have? Can I finally replace keepassc?

louib6y ago

Right now the best doc about the CLI would be the manpage I think https://github.com/keepassxreboot/keepassxc/blob/develop/sha...

Evidlo6y ago

I wrote an interface that takes inspiration from pass: https://github.com/evidlo/passhole

There is also keepassxc-cli and kpcli.

nichos6y ago

I used the keepass format for years up until a few months ago. I switched over to bitwarden, mostly for the sharing.

Important accounts are sharedd between my wife and I, and I back everything up to my NAS regularly.

For work, we're looking in to vault by hashicorp.

1 more reply

hirundo6y ago

If I can't use it on my phone I need to run two different password managers, which is awkward at best. Seems like iOS/Android versions could help a lot with traction.

rex_lupi6y ago

There are many keepass compatible apps available on F-Droid. I'm using KeePass DX, it has a clean ui, autofill support and fingerprint auth.

https://f-droid.org/app/com.kunzisoft.keepass.libre

panpanna6y ago

That app looks good, thanks for sharing!

yorwba6y ago

KeePassXC is just a GUI for a particular password database format. There are mobile apps supporting the same format: https://keepassxc.org/docs/#faq-platform-mobile

rolltiide6y ago

Does this one have auto-saving of the key store after adding an entry?

I've lost a lot from KeepPassX by being spoiled by other auto-saving managers over the majority of this century.

maheart6y ago

AFAIK, that feature has been available for some time (I've been using it, and can confirm that it works flawlessly). You can find it under Tools -> Settings -> General -> File Management -> Automatically save after every change.

rolltiide6y ago

and why is it not default? whats the use case here assuming there actually is a rationale

1 more reply

simcop23876y ago

Xc does have that feature. Definitely a good thing

mackrevinack6y ago

yea theres an option to save after every change

pacomerh6y ago

I'll definitely use the monospace option. Does anyone know how to use the CLI version?, is it a separate app?

maheart6y ago

At least in Debian-based distros, the CLI version ships with the ``keepassxc`` package. I've used it on the odd occasion for password retrieval, and I can confirm it worked for my needs. You can find the manpage to give you some indication of what's possible: http://manpages.ubuntu.com/manpages/eoan/man1/keepassxc-cli....

keepassxcoddity6y ago

Should I be concerned that upon installing 2.5 on MacOS it requested permission to Screen Recording?

Nerada6y ago

That's needed for the Auto-Type to find windows.

https://github.com/keepassxreboot/keepassxc/issues/3675

all_blue_chucks6y ago

Can it auto-fill passwords on mobile apps?

aaronax6y ago

I've been happy with Keepass2Android, which would be compatible with KeePass XC files.

sdan6y ago

Is this better than pass?

Tajnymag6y ago

Theoretically, you could consider it better.

KeePass saves passwords in a single encrypted file by default. This means that an attacker has no idea about the structure of your entries and usernames.

Plus, it's easier to setup on multiple machines, as you don't need to export/import your PGP keys from your initial machine.

Features and ease of use are subjective to each user.

jlgaddis6y ago

That, of course, depends on your requirements and how you define "better".

j / k navigate · click thread line to collapse

44 comments

ta09876y ago

mehrdadn6y ago

ta09876y ago

I don't know, that's why I'm asking the question.

1 more reply

breadandcrumbel6y ago

I was only familiar with Keepass. What are the differences between all the different products? KeypassXC, KeepassX and Keepass?

AdamGibbins6y ago

Keepass uses .NET, so is dependant on the mono framework etc on non-Windows.

KeepassX is no longer maintained.

KeepassXC is maintained and more featured, it's also not dependant on .NET.

tunesmith6y ago

For mac users, there's also MacPass (https://macpassapp.org), which is Keepass compatible.

1 more reply

apta6y ago

Wouldn't this sort of software be better written in a safe language like C# as opposed to C++?

3 more replies

kijiki6y ago

Keypass is written in C#, so requires a .NET runtime.

KeypassX is a rewrite in C++, using QT. KeypassXC is a fork of KeypassX, as KeypassX was felt to be unmaintained.

JohnTHaller6y ago

> KeypassX was felt to be unmaintained

KeypassX was abandoned 3 years ago

1 more reply

mikece6y ago

The “backup to paper” option is intriguing and I thought at first this would be as a series of QR codes instead of plain text. Will definitely be looking into the CLI options as well.

AdamGibbins6y ago

It's just a HTML export, nothing particularly special.

jumelles6y ago

What sort of CLI interface does XC have? Can I finally replace keepassc?

louib6y ago

Right now the best doc about the CLI would be the manpage I think https://github.com/keepassxreboot/keepassxc/blob/develop/sha...

Evidlo6y ago

I wrote an interface that takes inspiration from pass: https://github.com/evidlo/passhole

There is also keepassxc-cli and kpcli.

nichos6y ago

I used the keepass format for years up until a few months ago. I switched over to bitwarden, mostly for the sharing.

Important accounts are sharedd between my wife and I, and I back everything up to my NAS regularly.

For work, we're looking in to vault by hashicorp.

1 more reply

hirundo6y ago

If I can't use it on my phone I need to run two different password managers, which is awkward at best. Seems like iOS/Android versions could help a lot with traction.

rex_lupi6y ago

There are many keepass compatible apps available on F-Droid. I'm using KeePass DX, it has a clean ui, autofill support and fingerprint auth.

https://f-droid.org/app/com.kunzisoft.keepass.libre

panpanna6y ago

That app looks good, thanks for sharing!

yorwba6y ago

KeePassXC is just a GUI for a particular password database format. There are mobile apps supporting the same format: https://keepassxc.org/docs/#faq-platform-mobile

rolltiide6y ago

Does this one have auto-saving of the key store after adding an entry?

I've lost a lot from KeepPassX by being spoiled by other auto-saving managers over the majority of this century.

maheart6y ago

rolltiide6y ago

and why is it not default? whats the use case here assuming there actually is a rationale

1 more reply

simcop23876y ago

Xc does have that feature. Definitely a good thing

mackrevinack6y ago

yea theres an option to save after every change

pacomerh6y ago

I'll definitely use the monospace option. Does anyone know how to use the CLI version?, is it a separate app?

maheart6y ago

keepassxcoddity6y ago

Should I be concerned that upon installing 2.5 on MacOS it requested permission to Screen Recording?

Nerada6y ago

That's needed for the Auto-Type to find windows.

https://github.com/keepassxreboot/keepassxc/issues/3675

all_blue_chucks6y ago

Can it auto-fill passwords on mobile apps?

aaronax6y ago

I've been happy with Keepass2Android, which would be compatible with KeePass XC files.

sdan6y ago

Is this better than pass?

Tajnymag6y ago

Theoretically, you could consider it better.

KeePass saves passwords in a single encrypted file by default. This means that an attacker has no idea about the structure of your entries and usernames.

Plus, it's easier to setup on multiple machines, as you don't need to export/import your PGP keys from your initial machine.

Features and ease of use are subjective to each user.

jlgaddis6y ago

That, of course, depends on your requirements and how you define "better".

j / k navigate · click thread line to collapse