Sure there is code. But I can't go through the code..
As far as I'm aware the newest KeePass format seems to do these things well (they switched from a custom AES-based KDF to using Argon2 recently), but I'm not sure if KeePass XC does the same and I'm certainly not qualified to review these things perfectly myself.
Also, I'm not accusing you of anything but I have the feeling real name/face/whatever policies are one of those things that disproportionately affect minorities (people who are subject to harassment online or otherwise uncomfortable sharing their identity) while doing almost nothing to ensure trustworthiness.
1. Plug in Onlykey and unlock if necessary.
2. Open database in KeepassXC.
3. Press button in Onlykey with the KeepassXC password.
4. Press any button again when it asks for HMAC challenge.
Currently using BitWarden and I like the sync, the browser integration, and availability on Android.
KeePass has many plugins available, which allow extending its behavior. KeePassXC doesn't have plugins, but has many quality of live things built-in.
I used both, but currently use KeePassXC. I really love its ssh key integration.
KeepassXC written with C++ and crossplatform GUI, so it’s better fit with Linux and macOS. Also, AFAIK, KeepassXC has more features.
I’m using Keepass because I trust C# more than I trust C++ when it comes to security. But it’s nice to have options.
https://keepassxc.org/docs/#faq-keepassx
tldr is : C# (canonical project) -- vs -- C++ (older project) -- vs -- C++ (newer project)
Looks like it uses HTTPS to me.
What you're referring to is an old (fixed roughly six years ago), and highly misrepresented situation discussed here:
One thing I'd like to see is one file being able to be unlocked via multiple keys so for example my desktop could use a password+keyfile whereas my laptop would need password+hardware key, but they both backup to the same file. Do any other managers enable this?
