from Hacker News

KeePassXC 2.5.2

by varjolintu on 1/5/20, 6:00 AM with 75 comments

  • by arminiusreturns on 1/5/20, 7:26 AM

    XC is where it's at imho. It's not perfect, but it improves upon KeePassX a KeePass improvement itself. It's fast, cross platform, and has decent encryption options. It's probably not for sharing with a team of any size, though I have done it and fought with locking via outside communication, but I just hate all the enterprisey cloud password managers that live so close to a browser, and find myself going back to keepassxc (and gpg and ansible vault).

    There is room for growth in the business passman market.

  • by photonios on 1/5/20, 1:31 PM

    I used the original KeePass 2 client for a long time but at some point I looked for a more stable and good looking client. Since I am mainly a macOS user, I found MacPass [1]. I highly recommend it for any mac users. Its been nothing but stable and good for me.

    [1] https://macpassapp.org/

    Disclaimer: Not affiliated with MacPass in any way.

  • by newscracker on 1/5/20, 12:00 PM

    Is there a good “secrets manager” or “encrypted information manager” that’s free (preferably also open source) or quite cheap (not subscription based), is multi-platform (including mobile) and supports auto-fill in other applications (especially browsers)?

    Password managers with password generators and 2FA code generators are ok for work related use, but they usually may not cover other pieces of information, like credit/debit cards, software licenses, identification cards, hardware/appliances, etc. Adding custom fields in each entry by oneself isn’t a great option. Perhaps it’s not a great idea (even with a very strong master password) to put all the information in one database, but I see value in being able to store, retrieve and auto fill different kinds of information (even if some may seem too complex to define in a generic schema).

    I already tried Bitwarden, but it covers only passwords, cards and identities (plus secure notes).

  • by swejo on 1/5/20, 3:54 PM

    I use XC for passwords I'm not allowed to store in the cloud.

    My favorite cloud provider is BitWarden[1], which I believe was the first cloud password service supporting hardware keys.

    [1] https://bitwarden.com/

  • by wufocaculura on 1/5/20, 10:47 PM

    Looking for some advice here. I am generally happy with KeePassXC (switching from browser-remembered passwords was a big step forward for me), but I have a feeling that it might not be a perfect solution for me.

    I have four devices that are being used on almost-daily basis: - work PC - home PC, - laptop, - smartphone

    work and home PCs are often on at the same time leading to a situation where I have KeePassXC database open - it happens I just leave home/work without closing / locking the database (or it prompts database modified - save?) which might lead to some desync scenarios (it already happened to me).

    So I think I need something that will not keep local database as KeePassXC does, but will use online store. I am not a big cloud fan, so would prefer to host in on my own infra.

    My requirements: - self-hosted - online (some API-based), - cross-platform (at least Windows/Android but with Linux in mind) - browser-aware completion (similar to KeePassXC) - Firefox + maybe chrome,

    Is bitwarden a way to go? Or is there something better?

  • by novirium on 1/5/20, 7:35 AM

    Fixing the browser URL subdomain matching issue suddenly makes this usable again, which is great news!

    I've gotten used to the painless ssh-agent integration KeepassXC has and really wasn't looking forward to trying to switch to another manager...

  • by noisy_boy on 1/5/20, 8:54 AM

    I have been using KeePassXC and am quite satisfied with it. Hope they add the option of being able to specify multiple URLs e.g. for some apps, the URL scheme is androidapp://... which doesn't work with fetching favicons.

  • by dmos62 on 1/5/20, 10:20 AM

    I use git to version my Keepass database files. It's not great, because if you store binary files inside the Keepass database, the git repo's size grows very fast. I do it because I don't trust the apps I use to not corrupt the file. Does anyone have alternative solutions?

    Something like pass lends itself ideally to version control, but all my entries' metadata (names, dates) are visible, which is a problem for me. I want to be able to store my secret database even on untrusted infrastructure.

    Currently, I'm pondering storing big or often updated binary data separately from the passphrases and similar low-footprint data.

  • by hannibalhorn on 1/6/20, 12:46 AM

    For anyone that's used both, any impressions on how XC compares to BitWarden?

    I've been looking to switch from my older copy of 1Password - I don't care about cloud support, beyond letting me keep the encrypted data in Dropbox or similar, but I really appreciate a good browser extension and mobile app.

  • by JohnTHaller on 1/5/20, 5:27 PM

    The new release is available in PortableApps.com Format as well: https://portableapps.com/apps/utilities/keepassxc-portable

  • by retrobox on 1/5/20, 1:18 PM

    I really love all the work that has gone in to XC but I preferred the original look and feel of Keepass 2. I feel the need to get over that and try XC again. It’s great to see it continuing to get development and new features.

  • by C14L on 1/5/20, 3:32 PM

    I noticed in the screenshots that KeePassXC can show TOTP for an entry. Doesn't it limit the usefulness of a TOTP, if both the password and the TOTP seed are stored in the same location? Or am I missing something?

  • by Brian_K_White on 1/5/20, 9:06 AM

    I just wish I could convince them that specifying a monospace font is not the same as specifying an unambiguous font, and it matters because not everything is cut & pastable.

    In the password fields, I don't know how anyone either writing or using a password manager doesn't consider unambiguous glyphs to be critical. It's a password manager not a greeting card designer.

    They think they have solved this by specifying the font to be monospace in the password fields (maybe notes too I don't remember).

    I submitted an issue complete with pictures of passowords written in monospace fonts in KeePassXC where the characters are ambiguous.

    It shouldn't even require pictures to convey the problem. Once someone says "the property "monospace" and the property "unambiguous" are two dufferent properties. It's an unsafe and in fact broken assumption.", you'd think that would shed all the light necessary.

    But what more do you do when tbey don't see it even WITH pictures? Fork it yet again? Just to add a config option to let the user or desktop integrator select an arbitrary font for some display fields?

    What really bugs me is, they didn't say "yeah that would be better but it's hard and we don't know when anyone might get to it" No, they think it's already done.

    Failing to get that idea across really made me wonder about the parts of their work that aren't so visible.