Does anyone know what is the advantage of keepassxc over regular keepass?
Keepass seems to be audited in the European Commission's Free and Open Source Software Auditing (EU-FOSSA 1) whereas keepassxc has not been.
However, my second thought is that maybe this information is to mislead people and make them mistakenly think it is safe software to keep passwords but in fact it has hidden backdoors?
I know, quite paranoid but I wonder if anyone already did some research about that?
A: KeePass is a very proven and feature-rich password manager and there is nothing fundamentally wrong with it. However, it is written in C# and therefore requires Microsoft's .NET platform. On systems other than Windows, you can run KeePass using the Mono runtime libraries, but you won't get the native look and feel which you are used to.
KeePassXC, on the other hand, is developed in C++ and runs natively on all platforms giving you the best-possible platform integration.
I don't see how it refers to security and trust.
Possibly I wasn't clear in my initial post. By advantage I mean security and reliability... not the outlook (look and feel).
By advantage I mean security and reliability... not the outlook (look and feel).
In that case, it seems clear from what the keepassXC developers themselves wrote: there is no security or reliability advantage to keepassXC over keepass. If there was, surely they would have mentioned it.
By a quick look it seems Bitwarden is cloud-based. That means you store your sensitive data at a 3rd party organization.
I'm surprised anyone would even consider it as a place to store a password and call it safe.
The advantage of Keepassx over Keepass, at least initially, was that Keepass did not offer a Linux-compatible version. I could not find a Linux version for download at the Keepass website, although the Wikipedia article says that they offer Linux support via mono.
KeepassX is an open-source program with compatibility for Keepass v.1 database formats. I did not check to see whether it has been upgraded to have compatibility with the Keepass v. 2.0 database format.
Keepassxc started as a community fork of Keepassx implementing compatibility with the Keepass v.2 database format.
I have used both Keepassx and Keepassxc and have no complaints about either.
Does anyone know what is the advantage of keepassxc over regular keepass?
Keepass seems to be audited in the European Commission's Free and Open Source Software Auditing (EU-FOSSA 1) whereas keepassxc has not been.
However, my second thought is that maybe this information is to mislead people and make them mistakenly think it is safe software to keep passwords but in fact it has hidden backdoors?
I know, quite paranoid but I wonder if anyone already did some research about that?
This question has been asked & answered several times across the 'net.
Obviously you saw some of that, otherwise you wouldn't know about one having the security audit while the other didn't.
First of all, the mere existence of a security audit does not say anything about the software's security, and that goes both ways:
software that did get an official audit is not necessarily secure.
software that did not get an official audit is not necessarily insecure.
But more importantly, security audits are most relevant for internet-facing applications, esp. when they store sensitive data online. I suspect keepass has such a feature (never tried it) but keepassxc does not! Therefore keepassxc is the safer and better alternative for me, apart from hating mono applications (it's not only the looks, they're also sluggish and mono tends to be more buggy than native toolkits).
Quote:
Originally Posted by uteck
Bitwarden has a server build you can host yourself if you don't trust the cloud.
Well then it's your own cloud! Still needs to be secure.
What I eventually did is:
I keep KeePass (the one with allegedly audited code) inside a VM without network access AND a guest OS without a network stack.
That is another layer of assurance that data will not leak.