
KeePassXC 2.4.3 - louib
https://keepassxc.org/blog/2019-06-11-2.4.3-released/
======
Jonnax
I was only aware of Keepass itself. What are the differences between
KeypassXC, KeepassX and Keepass?

~~~
mrrsm
KeePass is the original project. It is an open source dotnet application. The
source code, as of the last time I checked, is released as a tar/zip with the
binaries only.

KeePassX is an open source c++ application. It was one of the cross platform
applications to manage KeePass databases. It has not been under very active
development for a while.

KeePassXC is a fork of KeePassX which is under active developement. They have
added many features and improvements and has stayed up to date with kdbx
updates.

~~~
packet_nerd
KeePassXC is fantastic, I especially like the good Yubikey integration. The
one small feature I miss from the original KeePass was the password templates.
I like all my passwords to follow a grouped pattern so its easier to type into
a phone or something while still being strong.

~~~
arunc
Keepass has templates for password generators. You can create custom templates
as well. I've been using it since 2008 without any issue.

~~~
Meph504
do you mean keepassXC? His statement was saying he missed this feature that is
in keepass.

------
jeltz
While I love KeePassXC this is just a minor bug fix release.

~~~
Lendal
It is, but the 2.4 release introduced integrated updates. I was still on 2.3
and wasn't aware of this, or that my KeePass was out of date until I saw this
this morning. So I am thankful for the heads up. :)

------
theandrewbailey
I switched to KeePassXC a few months ago (from KeePass). It was a no brainer
when I noticed that I didn't need plugins anymore, since SSH keys, TOTP, and
browser integration came out of the box.

------
ComodoHacker
KeePassXC still lacks in-memory protection, so I stay with KeePass, with all
its .NET troubles.

~~~
antongribok
I thought that it did now. For example this PR:
[https://github.com/keepassxreboot/keepassxc/pull/3020](https://github.com/keepassxreboot/keepassxc/pull/3020)

Edit: Also, see this PR:
[https://github.com/keepassxreboot/keepassxc/pull/371](https://github.com/keepassxreboot/keepassxc/pull/371)

~~~
masklinn
[https://github.com/keepassxreboot/keepassxc/issues/2718#issu...](https://github.com/keepassxreboot/keepassxc/issues/2718#issuecomment-466160954)

I'd guess it's this one:

> KeePassXC also cannot prevent data extraction from a hibernation file which
> stores your computer's memory to disk when going to sleep.

KeePass uses DPAPI so password-storage memory is not written to swap (and I
guess hibernatefile) in cleartext. Note that this doesn't protect against
reading the memory directly[0].

Though (on unices) it doesn't mention mlock(2) either.

[0] [https://www.securityevaluators.com/casestudies/password-
mana...](https://www.securityevaluators.com/casestudies/password-manager-
hacking/) subsection "Exposure of Cleartext Entries in Memory" of the Keepass
section

------
giancarlostoro
Been using BitWarden since I stopped using LastPass (lost my 10 year old
vault) anybody know of any good reviews of all the different types of password
managers that go into the security flaws / considerations?

~~~
kekebo
There are a couple of recent posts / discussions on HN regarding the topic:
[https://hn.algolia.com/?query=password%20manager&sort=byPopu...](https://hn.algolia.com/?query=password%20manager&sort=byPopularity&prefix=false&page=0&dateRange=pastYear&type=story)

------
amaccuish
Anyone got any good recommendations for an iOS client. I've just moved from
android and there's several but not sure which to pick, which are opensource
etc.

~~~
varjolintu
Strongbox is the best one right now. It supports KDBX 4, while older
minikeepass doesn't.

~~~
amaccuish
Ye I'm using that right now but 25.99 GBP is a lot for me as a student. I know
software development isn't free, don't mind paying say 10, but 25.99 is quite
a stretch for me :(

------
koolba
Anybody know if they've fixed (or plan to fix) the sort by latest modification
date of all records? That was the one missing feature from going from KeePassX
to KeePassXC.

~~~
noisy_boy
I am able to sort by latest modification date (not sure if thats what you
meant).

------
mieses
I switched from KeePass to KeeWeb because of the user interface and Google
Drive integration. KeeWeb is an open source cross platform Electron app.

------
alexnewman
Why should I switch from pass (git+pgp) to keepassx ?What's one feature in
keepassx nto in pass/passx

~~~
ufo
For me the biggest difference is that you have a single encrypted database
file, and that no metadata is stored unencrypted. By default, pass uses file
names as keys, so website names are stored in the clear. (To fix this on
pass.you need to use pass-tomb, which I found very clunky, and could never get
working quite right)

Another thing I like about keepassxc is that it has lots of features. It comes
with a flexible passwird generator, has a friendly GUI UI, can be integrated
to the web browser using an extension, and there are compatible android apps
you can use on your phone.

~~~
benoliver999
I agree about the metadata. I like pass but it's a flaw for sure. At least
it's upfront about it.

Most other issues are covered with pass, like a good android app etc etc.

~~~
elagost
You could always use pass-tomb, which is an extension that stores the entire
tree encrypted.

[https://github.com/roddhjav/pass-
tomb#readme](https://github.com/roddhjav/pass-tomb#readme)

~~~
ufo
As I mentioned further up, pass tomb needs to be installed separately (which
is not trivial depending on your distro) and is clunky to use. AFAIK it also
cannot be used to encrypt the password database on Android.

It also really bugs me that an important security feature like this one is not
the default.

~~~
alexnewman
tomb seems fine on ios and android. I don't use it though

------
diehunde
Is it possible to sync your passwords with other devices?

~~~
ativzzz
Yes, you can store the database file in a shared drive (not sure that's proper
security though)

~~~
ufo
That is secure as long as you have a good master password

~~~
packet_nerd
KeePassXC works really well with Yubikey too. I use a Yubikey and a short pin
for the password.

