KeePassX Replacement

Home » CentOS » KeePassX Replacement
CentOS 22 Comments

I have been using the KeePassX password manager on CentOS 6 and 7 for some time and it works pretty well. On my Windows machine I use KeePass which offers a number of features missing from KeePassX, I also sync the database between several machines, including Android units where I use keepass2android. Database compatibility is thus required.

KeePassX, however, does not seem to be maintained any more, the last update was just a bit less than a year ago. It also has some annoying bugs, including where switching keyboards on the computer corrupts the username and the password if they include any character outside the ASCII range.

There seems to be a community fork called KeePassXC and I would like to ask if anyone is using this password manager? It is not in EPEL, nor in any other standard repository, only through an unofficial repository at https://copr.fedorainfracloud.org/coprs/bugzy/keepassxc/,

22 thoughts on - KeePassX Replacement

  • I have been using KeePassXC (though mostly on Debian) for quite a while now and am happy to report it works well. Nothing springs to mind that annoys me and it’s a decent drop in replacement.

    My setup sounds pretty similar to your own (also use keepass2android, though not KeePass on Windows).

    I would be inclined to compile from source yourself rather than use an unofficial repo you have no reason to trust for such a sensitive application.

    I’m not trying to besmirch the good name of copr.fedorainfracloud.org/bugzy but I’ve never heard of them and if you hadn’t either that would give me pause for thought before I let their binaries at my passwords.

  • AFAIK the KeePassXC is a package in Fedora, so it could be trusted.

    I replaced KeePassX 1.x with this with a extra step of upgrading to KeePassX 2.x first.

    //Zdenek

  • I’m in a similar position presently, evaluating at password manager apps and had also come across that KeePassXC build.

    I briefly installed the above package to evaluate and also intend to rebuild it for my own use. Another concern for me was the use of the
    ‘CentOS’ dist tag when the package clearly isn’t a ‘CentOS’ package. I’ve got as far as confirming the validity of the source tarball in the SRPM and checking the SPEC file. Everything looks fine, but as previously mentioned I would still rebuild such a sensitive package for my own use.

    The only other potential issue I see is that the latest KeePassXC
    requires a newer version of libgcrypt, which the repo above packages as libgcrypt16 (libgcrypt version 1.6.6) on el7. The release of 1.6 broke ABI compatibility with version 1.5 in el7. I have not tried building KeePassXC against libgcrypt-1.5 in el7 to know if that is viable.

  • I’ve just looked at the ABI changes, and can confirm that the latest version of KeePassXC uses the GCRY_CIPHER_SALSA20 cipher function added in libgcrypt-1.6, so users will also need to install a newer version of libgcrypt alongside version 1.5 in el7.

  • H wrote:

    Are you aware that KeePass 2 works under Linux, with mono? There are also ports for Android, but I’ve never tried them.

    You may have reasons to prefer KeePassX over KeePass 2, though.

  • I for one use keepassx. My password database is synchronized between variety of systems, and I can view/edit it on: CentOS, FreeBSD, MS
    Windows, Android (and should be able on any derivatives of those). I
    didn’t try iOS as currently I don’t have a need in that.

    Incidentally, does anybody know if there is any necessity in keepassx to be patched? Did I read the original post correctly: there is no activity on the development site for long time? Should there be any? (As, I would say for comparison: cvs is so established software that there is no development to expect, only if there are any security holes found those need to be patched). Any insight on KeePassX anybody?

    Valeri

    ++++++++++++++++++++++++++++++++++++++++
    Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247
    ++++++++++++++++++++++++++++++++++++++++

  • hello

    using keepassx probably for 10 years or so across linux,win,mac,ios

    in late 2015 there was a security issue found and folks @ keepassx.org patched it fairly quickly and patch propagated up to epel quickly as well …

    passwd manager {non-cloud ones} , in my opinion, is a “static” concept … unless no issues with the underlying frameworks, what’s there to patch …

    F-

  • keepassx.org shows the latest release as October 2016 (and the main page shows “2005-2017” so someone is updating it), if I found the right keepass 2 (keepass.info) it was updated in June 2017. I do remember receiving a security alert to upgrade keepassx (since I use it) quite some time back (but not years ago).

    —– Original Message —

  • When I mentioned I use KeePassX on FreeBSD, Linux, Windows and Android, I
    failed to mention the name of Android application I access KeePassX
    database with. It is

    KeePassDroid

    With KeePassDroid in the mix all of your system choices seem to be covered.

    I also didn’t mention that when we choose application like that we investigate how well security wise the author(s) thought it through. KeePassX shined in that respect from multiple prospectives. I joined then the support for nomination of KeeePassX author for award (never new if he won that). One of the features I remember that impressed me: it creates encryption key from your passphrase by hashing that about 1,000,000 times over and over again. This basically slows brute force attack by the same factor. That time I estimated that if I lost, say, my pocket device and bad guys got hold of my keepassx encrypted password database, they will need about a Month to crack that if they have at their disposal whole composed computing power of my University. So, I have plenty of time to change all passwords if that happens.

    This if why we stay with the tools we chose for long-long time: it takes significant effort to select the great ones. It is almost same costly effort as hiring new employee.

    Just my $0.02

    Valeri

    ++++++++++++++++++++++++++++++++++++++++
    Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247
    ++++++++++++++++++++++++++++++++++++++++

  • I found KeePassX for Linux lacking compared to KeePass on Windows, specifically:

    – It does not support references; and

    – When switching keyboards, characters in the password (possibly even userid) are switched, almost like it is storing key codes rather than characters. Big annoyance for me since I need to make sure to always switch back to the US English keyboard when using AutoFill.

  • I have installed keypass2android on my phones which should be able to use the same database but have not tried it to see how to actually use a password manager on a touchscreen device… Apparently there are also concerns about apps having “unlimited” access to the clipboard so one should use the keepass2android keyboard. Sounds like a hassle…

  • Incidentally a colleague suggested Lastpass. He however uses it with a YUBI-dongle though.

    Installed Googles Authenticator on my Android phone to test stuff, which is
    “sort of” a similar take as the dongle.

    Do any of you also use a Yubi-dongle for securing stuff like this?
    I feel it seems like a hassle with another gadget to keep track of.

LEAVE A COMMENT