
KeepassC – Curses based keepass written in Rust - Immortalin
http://raymontag.github.io/keepassc/
======
schmrz
> [Rust] allows me to realize my vision of a secure password manager which is
> not possible with Python.

Not trying to debunk this or anything, but could anyone expand on this (eg.
what does secure mean in this context)? Has the author written somewhere about
his decision (I couldn't find anything)?

~~~
pornel
My guesses:

\- ability to reliably erase memory that held passwords/keys with assurance it
wasn't copied accidentally. AFAIK Python doesn't guarantee zeroing of freed
memory.

\- type safety, error handling enforced by the type system, and race-
condition-free concurrency might be an extra assurance.

~~~
Gankro
What makes you think there's a reliable way to zero memory in Rust?

~~~
pornel
The fact that a systems programming language must have a way to do this, and
Rust sort-of has: (it'd be better if it was a stable API though)

[https://doc.rust-
lang.org/core/intrinsics/fn.volatile_set_me...](https://doc.rust-
lang.org/core/intrinsics/fn.volatile_set_memory.html)

I know it's very tricky in presence of an optimizer. The current
implementation in KeePassC uses the pointer after memset in Drop, so it might
be just lucky ([https://github.com/raymontag/rust-
keepass/issues/4](https://github.com/raymontag/rust-keepass/issues/4)).

~~~
Retra
I think you could just use black_box to get around the optimizer:

[http://doc.rust-lang.org/1.1.0/test/fn.black_box.html](http://doc.rust-
lang.org/1.1.0/test/fn.black_box.html)

I've never actually tried it outside of tests, so I don't know if it applies
here.

------
DanBC
I love this.

I'm a bit surprised that there isn't currently a Linux distro that focuses on
curses/ncurses apps. And if anyone is looking for the gap in the curses market
there's no word processors. (Plenty of text editors though.)

~~~
ge0rg
Maybe this is due to a lack of proper widget toolkits. Curses is a real pain
to program, and creating sophisticated UIs with it is borderline impossible.
Things like dialog are not very flexible, and TurboVision (the best looking
CUI ever) never took off, probably because of the lame C port.

~~~
creshal
Termbox is an "alternative", but it's, while easier to use, even more low-
level. It's a shame there's no decent, modern high-level UI toolkit for
terminals.

------
ubernostrum
Why does the headline say "written in Rust" when the linked page says it's
written in Python 3 (and the repository is full of Python and no Rust)?

~~~
kirushik
There is a different repo for Rust implementation:
[https://github.com/raymontag/rust-keepass](https://github.com/raymontag/rust-
keepass)

I guess, OP posted the link to the blog post to highlight some reasoning
behind the switch, not the code itself.

------
chromano
Does anyone here use www.passwordstore.org? I read through the source and I
simply love how simple things are... therefore I wonder why something like
keepass is preferred over passwordstore?

~~~
kapep
It seems that passwords are stored in files with plain text names that
identify the website, service, etc. that the password is used for. Most other
password managers don't expose this kind of information.

I haven't looked at those 3rd party clients mentioned on their website but I
would say a console based command isn't an option for most people when there
are password managers that come with a simple management gui and a convenient
keyboard shortcut that insert the right account and password information
directly into html login forms in your browser.

------
aktau
Last I tried keepassc (about a month ago, definitely the python3 version), I
couldn't find a way to make it load my .kdbx file which I routinely open/edit
with keepassx. I tried renaming it to <something>.kdb and that didn't do it
either. I didn't look that much into it but here goes: is my use case actually
unsupported?

~~~
dnlrn
.kdb and .kdbx are two totally different formats. .kdb is used by KeePass and
KeePassX, .kdbx is used by KeePass 2 and KeePassX 2.0 (currently Beta).

------
avinassh
what is the meaning of: curses-based password manager

~~~
Cederfjard
Not to be glib, but:

[https://en.wikipedia.org/wiki/Curses_(programming_library)](https://en.wikipedia.org/wiki/Curses_\(programming_library\))

[https://en.wikipedia.org/wiki/Password_manager](https://en.wikipedia.org/wiki/Password_manager)

