KeePass
Encyclopedia
KeePass Password Safe is an open-source
password management utility
for Microsoft Windows
, with unofficial ports for Linux
, Mac OS X
, and a variety of other systems.
The author makes several claims regarding the security of the control and its resistance to password revealing utilities; however, the author does not cite or make any references to any third-party testing of the control to corroborate the claims of its security.
The software can be tested, since the source code
is freely available.
Access to the database is restricted by either a master password or a key file. Both methods may be combined to create a "composite master key". If both methods are used, then both must be present to access the password database. KeePass version 2.x introduces a third option—dependency upon the current Windows user.
KeePass encrypts the database with the AES
or Twofish
symmetric ciphers. AES is the default option, and Twofish is available in 1.x, but is not available in version 2.x. However a separate plugin provides Twofish as an encryption algorithm.
Passwords are protected in memory while KeePass is running. On Windows Vista and Windows 7, passwords are encrypted in process memory using Windows Data Protection API, which allows storing the key for memory protection in a secure, non-swappable memory area. On previous Windows systems, KeePass falls back to using the ARC4 cipher with a temporary, random session key.
operating system, such as theming on XP, or relying on the .NET Framework
. KeePass supports XP themes, but doesn't require this operating system capability. However, KeePass 2.x — a complete rewrite of the program — is based on the .NET Framework. The application itself does not need to be installed, though KeePass 2.x requires that .NET be installed. A traditional Windows installer is available. You can download the binary ZIP
package which contains only the main executable and runs fine from portable devices like USB sticks.
The program doesn't create any new registry keys and it doesn't create any initialization file
s (ini) in the Windows directory. Deleting the KeePass directory (if the binary zip package is used) or using the uninstaller (if the installer package is used) leaves no trace of KeePass on the system.
A password database consists of only one file that can be transferred from one computer to another easily.
There are ports to operating systems other than Windows, mostly for the older 1.x release (for example KeePassX on Linux and Mac OS X which does not yet support KeePass 2.x databases).
Further, KeePass tracks the creation time, modification time, last access time, and expiration time of each password stored. Files can be attached and stored with a password record, or text notes can be entered with the password details. Each password record can also have an associated icon.
, XML
and CSV
. The XML output can be used in other applications and re-imported into KeePass using a plugin. The CSV output is compatible with many other password safes like the commercial closed-source Password Keeper and the closed-source Password Agent, also the CSVs can be imported by spreadsheet applications like Microsoft Excel or OpenOffice.org Calc
. Exports from these programs can be imported to KeePass databases. KeePass can parse and import TXT outputs of CodeWalletPro, a commercial closed-source password safe. It can import TXT files created by Bruce Schneier
's Password Safe
v2.
File format support can be expanded through the use of KeePass plugins. The HTML output uses Cascading Style Sheets
(CSS) to format the table, which makes it possible to change the layout.
Windows clipboard
handling allows to double-click on any field of the password list to copy its value to the Windows clipboard. KeePass can clear the clipboard automatically some time after the user has copied one of his passwords into it. KeePass features a protection against clipboard monitors (other applications won't get notifications that the clipboard content has been changed) and it has a paste-once functionality: allow only one paste operation, after pasting the clipboard is cleared automatically by KeePass.
and Mozilla Firefox
and fill in user details automatically. For Internet Explorer, there's also a browser integration toolbar
available.
that generates random passwords. Random seeding can be done through user input (mouse movement and random keyboard input).
Open-source software
Open-source software is computer software that is available in source code form: the source code and certain other rights normally reserved for copyright holders are provided under a software license that permits users to study, change, improve and at times also to distribute the software.Open...
password management utility
Password manager
A password manager is software that helps a user organize passwords and PIN codes. The software typically has a local database or a file that holds the encrypted password data for secure logon onto computers, networks, web sites and application data files. Many password managers also work as a form...
for Microsoft Windows
Microsoft Windows
Microsoft Windows is a series of operating systems produced by Microsoft.Microsoft introduced an operating environment named Windows on November 20, 1985 as an add-on to MS-DOS in response to the growing interest in graphical user interfaces . Microsoft Windows came to dominate the world's personal...
, with unofficial ports for Linux
Linux
Linux is a Unix-like computer operating system assembled under the model of free and open source software development and distribution. The defining component of any Linux system is the Linux kernel, an operating system kernel first released October 5, 1991 by Linus Torvalds...
, Mac OS X
Mac OS X
Mac OS X is a series of Unix-based operating systems and graphical user interfaces developed, marketed, and sold by Apple Inc. Since 2002, has been included with all new Macintosh computer systems...
, and a variety of other systems.
Cryptography
According to the utility's author, KeePass was one of the first password management utilities to use security-enhanced password edit controls, in this case one called CSecureEditEx.The author makes several claims regarding the security of the control and its resistance to password revealing utilities; however, the author does not cite or make any references to any third-party testing of the control to corroborate the claims of its security.
The software can be tested, since the source code
Source code
In computer science, source code is text written using the format and syntax of the programming language that it is being written in. Such a language is specially designed to facilitate the work of computer programmers, who specify the actions to be performed by a computer mostly by writing source...
is freely available.
Access to the database is restricted by either a master password or a key file. Both methods may be combined to create a "composite master key". If both methods are used, then both must be present to access the password database. KeePass version 2.x introduces a third option—dependency upon the current Windows user.
KeePass encrypts the database with the AES
Advanced Encryption Standard
Advanced Encryption Standard is a specification for the encryption of electronic data. It has been adopted by the U.S. government and is now used worldwide. It supersedes DES...
or Twofish
Twofish
In cryptography, Twofish is a symmetric key block cipher with a block size of 128 bits and key sizes up to 256 bits. It was one of the five finalists of the Advanced Encryption Standard contest, but was not selected for standardisation...
symmetric ciphers. AES is the default option, and Twofish is available in 1.x, but is not available in version 2.x. However a separate plugin provides Twofish as an encryption algorithm.
Passwords are protected in memory while KeePass is running. On Windows Vista and Windows 7, passwords are encrypted in process memory using Windows Data Protection API, which allows storing the key for memory protection in a secure, non-swappable memory area. On previous Windows systems, KeePass falls back to using the ARC4 cipher with a temporary, random session key.
Portability
KeePass 1.x does not use any functions that require the latest WindowsMicrosoft Windows
Microsoft Windows is a series of operating systems produced by Microsoft.Microsoft introduced an operating environment named Windows on November 20, 1985 as an add-on to MS-DOS in response to the growing interest in graphical user interfaces . Microsoft Windows came to dominate the world's personal...
operating system, such as theming on XP, or relying on the .NET Framework
.NET Framework
The .NET Framework is a software framework that runs primarily on Microsoft Windows. It includes a large library and supports several programming languages which allows language interoperability...
. KeePass supports XP themes, but doesn't require this operating system capability. However, KeePass 2.x — a complete rewrite of the program — is based on the .NET Framework. The application itself does not need to be installed, though KeePass 2.x requires that .NET be installed. A traditional Windows installer is available. You can download the binary ZIP
ZIP (file format)
Zip is a file format used for data compression and archiving. A zip file contains one or more files that have been compressed, to reduce file size, or stored as is...
package which contains only the main executable and runs fine from portable devices like USB sticks.
The program doesn't create any new registry keys and it doesn't create any initialization file
Initialization file
The INI file format is a standard for configuration files for some platforms or software. INI files are simple text files with a basic structure composed of "sections" and "properties"....
s (ini) in the Windows directory. Deleting the KeePass directory (if the binary zip package is used) or using the uninstaller (if the installer package is used) leaves no trace of KeePass on the system.
A password database consists of only one file that can be transferred from one computer to another easily.
There are ports to operating systems other than Windows, mostly for the older 1.x release (for example KeePassX on Linux and Mac OS X which does not yet support KeePass 2.x databases).
Password management
Passwords stored by this application can be further divided into manageable groups. Each group can have an identifying icon. Groups can be further divided into subgroups in a tree-like organization.Further, KeePass tracks the creation time, modification time, last access time, and expiration time of each password stored. Files can be attached and stored with a password record, or text notes can be entered with the password details. Each password record can also have an associated icon.
Import and export
The password list can be exported to various formats like TXT, HTMLHTML
HyperText Markup Language is the predominant markup language for web pages. HTML elements are the basic building-blocks of webpages....
, XML
Extensible Markup Language
Extensible Markup Language is a set of rules for encoding documents in machine-readable form. It is defined in the XML 1.0 Specification produced by the W3C, and several other related specifications, all gratis open standards....
and CSV
Comma-separated values
A comma-separated values file stores tabular data in plain-text form. As a result, such a file is easily human-readable ....
. The XML output can be used in other applications and re-imported into KeePass using a plugin. The CSV output is compatible with many other password safes like the commercial closed-source Password Keeper and the closed-source Password Agent, also the CSVs can be imported by spreadsheet applications like Microsoft Excel or OpenOffice.org Calc
OpenOffice.org Calc
OpenOffice.org Calc is the spreadsheet component of the OpenOffice.org software package.Calc is similar to Microsoft Excel, with a roughly equivalent range of features. Calc is capable of opening and saving most spreadsheets in Microsoft Excel file format...
. Exports from these programs can be imported to KeePass databases. KeePass can parse and import TXT outputs of CodeWalletPro, a commercial closed-source password safe. It can import TXT files created by Bruce Schneier
Bruce Schneier
Bruce Schneier is an American cryptographer, computer security specialist, and writer. He is the author of several books on general security topics, computer security and cryptography, and is the founder and chief technology officer of BT Managed Security Solutions, formerly Counterpane Internet...
's Password Safe
Password Safe
Password Safe is a free and open source software program for storing passwords in Microsoft Windows. A beta version is also available for Ubuntu and Debian operating systems. A Java-based version is also available on SourceForge.- Design :...
v2.
File format support can be expanded through the use of KeePass plugins. The HTML output uses Cascading Style Sheets
Cascading Style Sheets
Cascading Style Sheets is a style sheet language used to describe the presentation semantics of a document written in a markup language...
(CSS) to format the table, which makes it possible to change the layout.
Auto-type, global hot keys, drag-and-drop
Auto-type, global auto-type hot key combination and drag-n-drop support: KeePass can minimize itself and type the information of the currently selected entry into dialogs, webforms, etc. KeePass features a global auto-type hot key. When KeePass is running in the background (with opened database) and you press the hot key, it looks up the correct entry and executes its auto-type sequence. All fields, title, username, password, URL and notes can be drag-n-dropped into other windows.Windows clipboard
Clipboard (software)
The clipboard is a software facility that can be used for short-term data storage and/or data transfer between documents or applications, via copy and paste operations...
handling allows to double-click on any field of the password list to copy its value to the Windows clipboard. KeePass can clear the clipboard automatically some time after the user has copied one of his passwords into it. KeePass features a protection against clipboard monitors (other applications won't get notifications that the clipboard content has been changed) and it has a paste-once functionality: allow only one paste operation, after pasting the clipboard is cleared automatically by KeePass.
Browser Support
The auto-type functionality works with all windows, and consequently with all browsers. The KeeForm extension allows to open websites with Internet ExplorerInternet Explorer
Windows Internet Explorer is a series of graphical web browsers developed by Microsoft and included as part of the Microsoft Windows line of operating systems, starting in 1995. It was first released as part of the add-on package Plus! for Windows 95 that year...
and Mozilla Firefox
Mozilla Firefox
Mozilla Firefox is a free and open source web browser descended from the Mozilla Application Suite and managed by Mozilla Corporation. , Firefox is the second most widely used browser, with approximately 25% of worldwide usage share of web browsers...
and fill in user details automatically. For Internet Explorer, there's also a browser integration toolbar
Toolbar
In a graphical user interface, on a computer monitor, a toolbar is a GUI widget on which on-screen buttons, icons, menus, or other input or output elements are placed. Toolbars are seen in office suites, graphics editors, and web browsers...
available.
Built-in password generator
KeePass features a built-in password generatorRandom password generator
A random password generator is software program or hardware device that takes input from a random or pseudo-random number generator and automatically generates a password...
that generates random passwords. Random seeding can be done through user input (mouse movement and random keyboard input).
Plugins
KeePass has a plugin architecture. There are various plugins available on the KeePass homepage (import/export from/to various other formats, database backup, integration and automation, etc.). Note that plugins may compromise the security of KeePass, because they are written by independent authors and have full access to the KeePass database.Other versions
- KeePassX, a multi-platform open-source KeePass clone for LinuxLinuxLinux is a Unix-like computer operating system assembled under the model of free and open source software development and distribution. The defining component of any Linux system is the Linux kernel, an operating system kernel first released October 5, 1991 by Linus Torvalds...
and Mac OS XMac OS XMac OS X is a series of Unix-based operating systems and graphical user interfaces developed, marketed, and sold by Apple Inc. Since 2002, has been included with all new Macintosh computer systems...
, built using version 4.3 of the Qt librariesQt (toolkit)Qt is a cross-platform application framework that is widely used for developing application software with a graphical user interface , and also used for developing non-GUI programs such as command-line tools and consoles for servers...
. , databases created by KeePassX 0.4.3 are binary-compatible with databases created by the version 1.x of KeePass but not newer version 2.x databases. However, KeePass 2.x can export its database in KeePass 1.x format for use with KeePassX. - 7Pass for Windows Phones, a Windows mobile port of KeePass for Windows Phone 7 devices
- KeePass for Blackberry, a Blackberry port of KeePass for RIM devices
- KeePassMobile, KeePass port for mobile phones (Java MEJava Platform, Micro EditionJava Platform, Micro Edition, or Java ME, is a Java platform designed for embedded systems . Target devices range from industrial controls to mobile phones and set-top boxes...
) - KeePass for J2ME, a Java MEJava Platform, Micro EditionJava Platform, Micro Edition, or Java ME, is a Java platform designed for embedded systems . Target devices range from industrial controls to mobile phones and set-top boxes...
port of KeePass for mobile phones - iKeePass for iPhone, a port of KeePass for the iPhone, compatible with versions 1.x
- MyKeePass for iPhone, compatible with versions 1.x and 2.x
- KeePassDroid, a port of KeePass for the Android platform
- KeePass for SmartDevices, a port of KeePass for Windows MobileWindows MobileWindows Mobile is a mobile operating system developed by Microsoft that was used in smartphones and Pocket PCs, but by 2011 was rarely supplied on new phones. The last version is "Windows Mobile 6.5.5"; it is superseded by Windows Phone, which does not run Windows Mobile software.Windows Mobile is...
and PocketPC devices - KyPass for iPhone/iPad, a fork of MyKeePass with full dropbox support
- KeePass for Mac OS X, using Mono.
See also
- Apple KeychainApple KeychainKeychain is Apple Inc.'s password management system in Mac OS. It was introduced with Mac OS 8.6, and has been included in all subsequent versions of Mac OS, including Mac OS X...
- BilleoBilleo-External links:****...
- iMacros for FirefoxIMacrosiMacros is an extension for the Mozilla Firefox, Google Chrome, and Internet Explorer web browsers which adds record and replay functionality similar to that found in web testing and form filler software. The macros can be combined and controlled via JavaScript. Demo macros and JavaScript code...
- LastPassLastPassLastPass Password Manager is a freemium password management program developed by LastPass. It is available as a plugin for Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and Safari...
- MittoMittoMitto is a free online password management site that works on any standards-compliant web browser such as Google Chrome, Mozilla Firefox, Safari, and Internet Explorer. For website passwords, Mitto can automatically log users in through an online interface, through a special bookmarklet, or through...
- PageoncePageoncePageonce develops mobile applications to help consumers manage and simplify their daily financial lives. Pageonce has its own account aggregation technology unlike other services that license their account aggregation technology from Yodlee...
- Password managerPassword managerA password manager is software that helps a user organize passwords and PIN codes. The software typically has a local database or a file that holds the encrypted password data for secure logon onto computers, networks, web sites and application data files. Many password managers also work as a form...
- Password SafePassword SafePassword Safe is a free and open source software program for storing passwords in Microsoft Windows. A beta version is also available for Ubuntu and Debian operating systems. A Java-based version is also available on SourceForge.- Design :...
- RoboformRoboformRoboForm is a password management and web form filling program that automates password entering and form filling, developed by Siber Systems, Inc. It is available for many web browsers, including Internet Explorer , Firefox, Google Chrome, as well as support for mobile devices such as Palm, Pocket...
- Sticky Password ManagerSticky Password ManagerSticky Password Manager is a form filler and password management program. It allows computer users to create and manage their passwords and other data that is typically entered into online forms. Sticky Password remembers and automatically fills in login, password and other personal data fields...