

KeePass 2.14 released - thefox
http://sourceforge.net/news/?group_id=95013&id=295786

======
alanpca
I recently remedied a problem that I was having, which was importing my Chrome
bookmarks into Keepass. I figure that this could also help some of the folks
on HN, so here is the info:

writeup: [http://alanp.ca/blog/2011/01/01/export-google-chrome-
passwor...](http://alanp.ca/blog/2011/01/01/export-google-chrome-passwords-to-
keepass/) Github: <https://github.com/alanpca/chrome2keepass>

------
snitko
I really like KeepPass and I use it on all of my computers (Ubuntu and
MacOSX). It's so awesome that it's available on all three major platforms
including Windows. What I'd like to see, though, is iPhone, Android and
webapps - all syncing through a remote server (Dropbox, maybe?). That would
make this thing absolutely awesome.

~~~
Kejistan
There already are versions of KeePass available on Android and iPhone (and
windows phones too it seems). So I guess the only thing missing at this point
is a webapp version.

------
wanderr
Did they ever add a way to make it not clear your clipboard after pasting? I
know you could delay the clearing but that just resulted in randomly losing
stuff from the clipboard while working, even more annoying than the original
problem.

------
gregwebs
KeePassX has been available for Linux for a while now.
<http://keepassx.sourceforge.net/>

I may try running kepass on Mono now to get all the features of version 2

~~~
wwortiz
Mono and keepass has been working great for me on linux, you do have to
install a few extra things to get it working on ubuntu and xdotool with a
higher version than is supplied by 10.10 if you want autofill.

~~~
gregwebs
I am seeing buggy behavior on Ubuntu- the File drop down isn't droppping down.
It also won't import my version 1 db, telling me that must be done from
Windows.

I will probably stick with KeePassX- there isn't anything wrong with it and
none of the Keepass version 2 features seem look like game changers.

------
mariana
Why not use something very simple like SuperGenPass?
<http://supergenpass.com/>

~~~
Lagged2Death
There's a thread on StackOverflow about the safety of SuperGenPass:

[http://stackoverflow.com/questions/554224/is-the-
bookmarklet...](http://stackoverflow.com/questions/554224/is-the-bookmarklet-
password-generator-from-supergenpass-com-safe-to-use/)

I thought the criticisms by "Mike" were pretty convincing, although I'm not an
expert in software security or cryptography.

Starting with the source of a simpler JavaScript password generator:

<http://www.angel.net/~nic/passwdlet.domain.html>

I did a little noodling around and found it's perfectly practical to use even
several thousand iterations of a newer hash algorithm (SHA2-256) to produce
passwords, rather than a few dozen iterations of an obsolete one. That should
address some of the cryptographic concerns. It's also perfectly possible for
the script to accept the master password through a JavaScript popup rather
than from a text box inserted into the current page. That should address
concerns about a "malicious webmaster" type attack.

So some of the most important criticisms of SuperGenPass (which is undeniably
very slick and pleasant to use) are at least addressable.

------
zdw
other sysadmins - don't you hate how all your users end up using very simple
or duplicate passwords on everything, causing you eventual security problems?

If so, why isn't this, or something like it, preinstalled on all the client
computers you have?

~~~
w1ntermute
Because most users wouldn't use it. How do you access your passwords on a
computer that doesn't have Keepass installed? I think only LastPass has a way
of doing this. And sysadmins don't like trusting 3rd party services.

~~~
roel_v
_How do you access your passwords on a computer that doesn't have Keepass
installed?_

\- By keeping the pw database in a Dropbox folder, along with a standalone
version of keepass itself. No need to ever install. \- By using a phone
version of keepass to access the Dropbox pw database, thus always ensuring
access to passwords. \- In emergency situations, by downloading the above-
mentioned db and software through the dropbox website, ready to use on any
machine.

(all of the above are made more difficult by the switch of 2.x series to .Net,
a switch without a good reason, too, so caveat emptor etc. Keepass once looked
like a great project but this dichotomy is a disaster.)

~~~
w1ntermute
> By keeping the pw database in a Dropbox folder, along with a standalone
> version of keepass itself.

This causes the same problem as LastPass - reliance on a 3rd party service.

~~~
roel_v
Well if you're that worried about Dropbox going away and needing access to
your passwords in between the point it shuts down and you noticing and setting
up a replacement, use webdav with your own server, or hack up an rsync/cron-
based concoction that will do roughly what Dropbox does in this context. There
are 100's of ways to synchronize a file across computers, it's just that
Dropbox is by far the most conveniet at this point in time.

