LinuxQuestions.org
Old 11-15-2019, 07:27 AM   #1
lisamint
Member
 
Registered: Nov 2019
Posts: 36

Rep: Reputation: Disabled
Keepass2 or KeepassXC?


Hi Everyone,

Which password manager would you choose: Keepass2 or KeepassXC? Please note I do not mention KeepassX, which has not been actively developed (and, as a result, KeepassXC emerged).

Keepass2 was originally available only for Windows, and then they created a version for Linux written in C# and using mono, which seems to be problematic and regarded as a security risk because it uses the Microsoft .NET platform (please see links below).
https://www.fsf.org/news/dont-depend-on-mono
https://lwn.net/Articles/339314/

KeepassXC is a fork of KeepassX and is written in C++. Although it has not gone through a security audit, it is recommended by several security-focused websites (please see links below).
https://www.privacytools.io/software/passwords/
https://www.privacybytes.com/tools/#password
https://prism-break.org/en/subcatego...word-managers/
https://ssd.eff.org/en/module/how-use-keepassxc

Both are open source.

As I don't understand anything about the codebase to properly assess which one (potentially) offers more security, what are your views on these two password managers in terms of security?

Thanks.

Last edited by lisamint; 11-15-2019 at 07:59 AM.
 
Old 11-15-2019, 07:50 AM   #2
bgstack15
Member
 
Registered: Jul 2017
Distribution: korora
Posts: 90

Rep: Reputation: Disabled
I choose Keepass2. I have been using it for a very long time, and for silly reasons I like its UI better than KeepassXC's. I know nothing about the various codebases, however.

Additionally: The mono dependency means that Keepass2 does not fully integrate into your desktop environment. And something must have borked up my mono setup because the fonts and UI have gotten slightly messed up, and long entries get truncated in weird ways. But that's a local implementation issue, I hope.
 
Old 11-15-2019, 04:27 PM   #3
beachboy2
Senior Member
 
Registered: Jan 2007
Location: Wild West Wales, UK
Distribution: Linux Mint 21 MATE, EndeavourOS, antiX, MX Linux
Posts: 3,953
Blog Entries: 32

Rep: Reputation: 1463
lisamint,

Another strong recommendation from me for KeePass2. It is free, open source, very secure and easy to use.

Regardless of password manager it is essential to use two factor authentication (2FA).

Two Factor Authentication:
http://www.geeksengine.com/article/keepass-2.html

Login to the KeePass2 application (i.e. to unlock the database) using a combination of 1. and 2. below:

1. Something only you know. Use a master password (this does not need to be terribly complicated. It just needs to be easily memorised, in this case by HAT e.g. hertz**anxiety**toblerone**).

2. Something you only possess. Use a key-file (“HP LaserJet problems”) which is stored innocuously within one of many documents (see below for example) on a USB drive. {see attached file}. A copy of this file can be backed up to your computer amongst several thousand files.

EDIT A simple alternative is to use an image (.jpg) file.

Password generator (up to 2048 characters):
https://passwordsgenerator.net/

The key-file can be used as a two factor authentication (2FA) for your KeePass2 database.

To open KeePass2, you normally only need a master password.

This is where the key-file comes into play. If someone steals your master password and password database, the database is still secure because the attacker also needs to steal your key-file to be able to unlock KeePass2.


Download & install KeePass2:
https://launchpad.net/~jtaylor/+archive/ubuntu/keepass

Type into a terminal:
Code:
    sudo apt-add-repository ppa:jtaylor/keepass
    sudo apt update
    sudo apt install keepass2
Attached Files
File Type: txt HP LaserJet problems.txt (3.6 KB, 107 views)

Last edited by beachboy2; 11-16-2019 at 02:11 AM.
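
Added example, not part of the post above and not KeePass's own code: a simplified Python model of how a KeePass 2.x database key combines the master password with a key file before the key-derivation step, showing why an ordinary document or image used as a key file must stay byte-for-byte identical. The function names, the passphrase and the document contents are constructed for illustration, and XML key files and the KDF stage are not modelled.

```python
import hashlib
from typing import Optional

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def keyfile_key(content: bytes) -> bytes:
    """32-byte key contributed by a non-XML key file."""
    if len(content) == 32:                  # exactly 32 bytes: used as the raw key
        return content
    if len(content) == 64:                  # 64 hex characters: decoded to 32 bytes
        try:
            raw = bytes.fromhex(content.decode("ascii"))
            if len(raw) == 32:
                return raw
        except (UnicodeDecodeError, ValueError):
            pass
    return sha256(content)                  # any other file (.txt, .jpg): hash of the whole file

def composite_key(password: Optional[str], keyfile: Optional[bytes]) -> bytes:
    """Composite key before the KDF: SHA-256 over the concatenated factor keys."""
    parts = b""
    if password is not None:
        parts += sha256(password.encode("utf-8"))
    if keyfile is not None:
        parts += keyfile_key(keyfile)
    if not parts:
        raise ValueError("at least one factor is required")
    return sha256(parts)

def backup_still_unlocks(password: str, original: bytes, backup: bytes) -> bool:
    """True only if the backup copy derives the same composite key as the original."""
    return composite_key(password, original) == composite_key(password, backup)

# Constructed sample data: a made-up passphrase and an innocuous-looking document.
PASSWORD = "constructed-example-passphrase"
DOCUMENT = b"HP LaserJet problems\r\n1. Paper jam in tray 2\r\n2. Toner low\r\n"
RESAVED = DOCUMENT.replace(b"\r\n", b"\n")  # same text after an editor changed the line endings

if __name__ == "__main__":
    print("password only   :", composite_key(PASSWORD, None).hex())
    print("password + file :", composite_key(PASSWORD, DOCUMENT).hex())
    print("exact backup ok :", backup_still_unlocks(PASSWORD, DOCUMENT, bytes(DOCUMENT)))
    print("re-saved copy ok:", backup_still_unlocks(PASSWORD, DOCUMENT, RESAVED))
```

A key file that is ever opened and re-saved, or an image that is re-compressed by a sync or photo tool, no longer unlocks the database, so keep a verified, read-only backup copy.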
 
Old 11-15-2019, 06:00 PM   #4
rnturn
Senior Member
 
Registered: Jan 2003
Location: Illinois (SW Chicago 'burbs)
Distribution: openSUSE, Raspbian, Slackware. Previous: MacOS, Red Hat, Coherent, Consensys SVR4.2, Tru64, Solaris
Posts: 2,795

Rep: Reputation: 550
Quote:
Originally Posted by bgstack15 View Post
I choose Keepass2. I have been using it for a very long time, and for silly reasons I like its UI better than KeepassXC's. I know nothing about the various codebases, however.
The databases are compatible and the only user interface I care about is 1.) click on site and 2.) right-click and select 'Copy password'. Not sure what else one would care about but different strokes, I guess.

My only beef about KeepassXC is the nondescript icon that came with it. Luckily I still have the source tree for an old version and can use the old, familiar icon.

Cheers...
 
Old 11-15-2019, 08:19 PM   #5
frankbell
LQ Guru
 
Registered: Jan 2006
Location: Virginia, USA
Distribution: Slackware, Ubuntu MATE, Mageia, and whatever VMs I happen to be playing with
Posts: 19,272
Blog Entries: 28

Rep: Reputation: 6123
I used KeepassX for a long time, then migrated to KeepassXC.

KeepassX was recommended to me by a Linux hosting provider when I did a short gig with them.

I have found both to be satisfactory.
 
Old 11-15-2019, 08:50 PM   #6
uteck
Senior Member
 
Registered: Oct 2003
Location: Elgin,IL,USA
Distribution: Ubuntu based stuff for the most part
Posts: 1,172

Rep: Reputation: 501
Just to toss out another open source option: Bitwarden.
They have a free cloud sync that works with phones and desktops, or you can run your own server. I am using their cloud with the family plan for $1 a month so my wife and I can get access to each other's vaults if needed.
https://help.bitwarden.com/article/w...ust-bitwarden/
Not only has it been audited, but it also has a bug bounty on HackerOne.
 
Old 11-15-2019, 09:33 PM   #7
cantab
Member
 
Registered: Oct 2009
Location: England
Distribution: Kubuntu, Ubuntu, Debian, Proxmox.
Posts: 553

Rep: Reputation: 115
I use KeePassXC, though now that I think about it, I don't remember exactly why.

I expect both are secure as long as the OS they run on is not compromised, and conversely neither can be secure if the OS is compromised.
 
Old 11-16-2019, 04:54 AM   #8
ondoho
LQ Addict
 
Registered: Dec 2013
Posts: 19,872
Blog Entries: 12

Rep: Reputation: 6053
Quote:
Originally Posted by lisamint View Post
As I don't understand anything about the codebase to properly assess which one (potentially) offers more security, what are your views on these two password managers in terms of security?
As long as you use it locally and on Linux only I think it does not matter much.
IMO, the encryption mechanism of both is sufficiently secure, but keepassxc might have a stronger one (it supports a newer keepass database format).

Quote:
Originally Posted by rnturn View Post
My only beef about KeepassXC is the nondescript icon that came with it.
My version 2.5.0 integrates nicely with the chosen icon theme.
 
Old 11-16-2019, 06:43 AM   #9
lisamint
Member
 
Registered: Nov 2019
Posts: 36

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by bgstack15 View Post
I choose Keepass2. I have been using it for a very long time, and for silly reasons I like its UI better than KeepassXC's. I know nothing about the various codebases, however.

Additionally: The mono dependency means that Keepass2 does not fully integrate into your desktop environment. And something must have borked up my mono setup because the fonts and UI have gotten slightly messed up, and long entries get truncated in weird ways. But that's a local implementation issue, I hope.
Thank you, bgstack15. I would not worry about how it looks on your computer as long as Keepass2 does a great job (and it does).
 
Old 11-16-2019, 06:46 AM   #10
lisamint
Member
 
Registered: Nov 2019
Posts: 36

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by beachboy2 View Post
lisamint,

Another strong recommendation from me for KeePass2. It is free, open source, very secure and easy to use.

Regardless of password manager it is essential to use two factor authentication (2FA).

Two Factor Authentication:
http://www.geeksengine.com/article/keepass-2.html

Login to the KeePass2 application (i.e. to unlock the database) using a combination of 1. and 2. below:

1. Something only you know. Use a master password (this does not need to be terribly complicated. It just needs to be easily memorised, in this case by HAT e.g. hertz**anxiety**toblerone**).

2. Something you only possess. Use a key-file (“HP LaserJet problems”) which is stored innocuously within one of many documents (see below for example) on a USB drive. {see attached file}. A copy of this file can be backed up to your computer amongst several thousand files.

EDIT A simple alternative is to use an image (.jpg) file.

Password generator (up to 2048 characters):
https://passwordsgenerator.net/

The key-file can be used as a two factor authentication (2FA) for your KeePass2 database.

To open KeePass2, you normally only need a master password.

This is where the key-file comes into play. If someone steals your master password and password database, the database is still secure because the attacker also needs to steal your key-file to be able to unlock KeePass2.


Download & install KeePass2:
https://launchpad.net/~jtaylor/+archive/ubuntu/keepass

Type into a terminal:
Code:
    sudo apt-add-repository ppa:jtaylor/keepass
    sudo apt update
    sudo apt install keepass2
Thank you, beachboy2, for all the information and the links. I actually use 2FA by combining a long master password and a keyfile stored in another USB flash drive to unlock my database.

"It is free, open source, and very easy to use" - That also applies to KeepassXC.

My concern is more about whether the two points below may have any influence on the level of security:

1. the language it is written in (C# for Keepass2 and C++ for Keepass XC); and
2. the fact that Keepass2 uses mono (and therefore Microsoft .NET to adapt it to Linux) as opposed to KeepassXC that has explicitly created a Linux-based version.

Thanks.

Last edited by lisamint; 11-16-2019 at 07:00 AM. Reason: Forgot to mention something else
 
Old 11-16-2019, 06:56 AM   #11
lisamint
Member
 
Registered: Nov 2019
Posts: 36

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by ondoho View Post
As long as you use it locally and on Linux only I think it does not matter much.
IMO, the encryption mechanism of both is sufficiently secure, but keepassxc might have a stronger one (it supports a newer keepass database format).


My version 2.5.0 integrates nicely with the chosen icon theme.
Thanks, ondoho. Of course, the database should always be stored locally rather than on a third-party service. However, I was more concerned about whether the two points below may have any influence on the level of security:

1. the language it is written in (C# for Keepass2 and C++ for Keepass XC); and
2. the fact that Keepass2 uses mono (and therefore Microsoft .NET to be able to use it in Linux) as opposed to KeepassXC that has explicitly created a Linux-based version.

Thanks.
 
Old 11-16-2019, 06:58 AM   #12
lisamint
Member
 
Registered: Nov 2019
Posts: 36

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by cantab View Post
I use KeePassXC, though now that I think about it, I don't remember exactly why.

I expect both are secure as long as the OS they run on is not compromised, and conversely neither can be secure if the OS is compromised.
Thanks, cantab. Well, it is always assumed that the OS is not compromised.
 
Old 11-16-2019, 11:17 AM   #13
uteck
Senior Member
 
Registered: Oct 2003
Location: Elgin,IL,USA
Distribution: Ubuntu based stuff for the most part
Posts: 1,172

Rep: Reputation: 501
If the password manager does auto fill for usernames and passwords, a malicious site could try and use an i-frame or the like to prompt an automatic fill and steal it.
And things like this can be done in such a way you don't see the page, and it is done fast so don't count on spotting it. So turn that off to be secure, but it is convenient.
 
Old 11-17-2019, 02:48 AM   #14
ondoho
LQ Addict
 
Registered: Dec 2013
Posts: 19,872
Blog Entries: 12

Rep: Reputation: 6053
Quote:
Originally Posted by lisamint View Post
Of course, the database should always be stored locally rather than on a third-party service. However, I was more concerned about whether the two points below may have any influence on the level of security:

1. the language it is written in (C# for Keepass2 and C++ for Keepass XC); and
2. the fact that Keepass2 uses mono (and therefore Microsoft .NET to be able to use it in Linux) as opposed to KeepassXC that has explicitly created a Linux-based version.
  1. doesn't matter
  2. Hmm. I certainly try to avoid this sort of stuff. So essentially you're asking "what if mono is vulnerable to remote attacks"? I don't know tbh.
 
  

