
KeePass 2.37 has been released - Santosh83
https://keepass.info/news/n171012_2.37.html
======
Fej
KeePass is the perfect example of simplicity over complexity. It does exactly
what it sets out to do and it does it well. Unlike online services, I trust it
wholeheartedly, because it is free software, well-built, simple, and basically
a fancy XML parser with encryption.

 _The less it does, the fewer ways it can break or be broken._ The attack
surface is tiny compared to, say, LastPass.

You choose your own sync solution, unlike LastPass/the like.

What's the new standard for AES passes? Patch notes mention it but not the
number.

------
robszumski
If you're on a Mac and care about UX, MacPass is an awesome client:
[https://github.com/mstarke/MacPass](https://github.com/mstarke/MacPass)

This person should sell this...

~~~
flanbiscuit
I've been using KeepassXC and really like it.

[https://keepassxc.org/](https://keepassxc.org/)

[https://github.com/keepassxreboot/keepassxc](https://github.com/keepassxreboot/keepassxc)

HN discussion about it:
[https://news.ycombinator.com/item?id=13468261](https://news.ycombinator.com/item?id=13468261)

------
jstewartmobile
I've been using KeePass for close to a decade now, and it has never let me
down.

Great job!

------
jl6
A while back I asked HN if there was any way I could trust an iOS keepass
client. The answer was no, on the basis that you have no way of auditing
whether the open source code built what’s in the App Store. Nor is there a way
of preventing a rogue keepass client app from accessing the internet and
exfiltrating your database and password.

Has any of that changed recently?

~~~
Tharkun
What's stopping you from compiling the source on mac?

~~~
r00fus
Ostensibly because then you'd have to deploy it yourself to the iOS device -
which is fine for your iPhone but not so easy for your parents' iPads across
the country/world.

------
teekert
I went to KeepassXC, so far, it looks better but it starts much slower...

~~~
walkingolof
It also have this issue that if you start edit a entry, it never auto locks,
otherwise great software.

~~~
okanesen
It actually does, if you check the option 'Automatically save after every
change' under Settings -> General.

------
the_dege
The most interesting features are:

    
    
        - Printable Emergency Sheet
        - a function to search for similar passwords

~~~
polleroo
I came here hoping that the emergency sheet feature was an implementation of
Shamir Secret Sharing. That would allow you to give a few sheets to trusted
people, which they could combine to reveal your password.

~~~
StavrosK
You can do that with any number of utilities, though. Why does it have to be
built in to KeePass?

~~~
polleroo
True, but they don't seem obviously inter-operable (at least to non-technical
users).

The same parameters input into two online SSSS generators: 3 parts( 2 reqd),
secret=hackernews yield different parts.

I want to make it easy to recover. Using the same tool to store the passwords
and recover the keys simplifies the process.

[1]: [http://point-at-infinity.org/ssss/](http://point-at-infinity.org/ssss/)
[2]:
[https://iancoleman.github.io/shamir/](https://iancoleman.github.io/shamir/)

------
liminal
I was just given a mac at work and haven't figured out how to integrate
KeePass with Firefox on OSX. On Windows I was using KeeFox, but I can't find a
mac client that include KeePassRPC and the mono instructions didn't make
sense. For now I'm using KeeWeb and manually copying entries. Suggestions?

~~~
Quiark
Suggestion: don't use integration. The whole idea has a high risk of security
compromise and the plugins I've seen were not implemented well. I use
copy/paste or Autotype and don't find it slow to use at all.

~~~
luma
So now all anyone needs to do is watch your clipboard? I'm not arguing your
approach as I use Keepass in the same way, but I also know it'd be pretty
straightforward to snarf my creds if you were able to watch my clipboard.

~~~
blacksmith_tb
Not exactly - KeePassXC (and many of the other clients) do try to unset the
clipboard. I think this is as much to save you from accidentally pasting a
password into your browser's search box or a chat, but at least on OSX /
macOS, it prevents a malicious script from using pbpaste to grab the last
entry off the clipboard.

~~~
luma
KeePass does the same thing by default, but all you've done is create a race
condition. Clipboard changes can be picked up by any application that cares to
listen.

------
theandrewbailey
I see the Keepass website has finally started to use HTTPS.

~~~
ythn
Still not using proper version control, though

~~~
kronos29296
Does proper version control mean using github or just a git repo or something
of that sort? I guess the developer wants to keep it a single dev project (old
fashioned but the small project size means it doesn't make a big
difference).[1]

[1]:
[https://sourceforge.net/p/keepass/discussion/329220/thread/0...](https://sourceforge.net/p/keepass/discussion/329220/thread/02383c83/)

~~~
ythn
"I'm not going to maintain a version control system."

"Having no source code repository (version control system) doesn't mean that
KeePass isn't open source."

\--Dominik Reichl

------
fenomas
Is this being flagged for some reason?

It's _way_ below similarly aged articles with ~5x fewer points.

------
nwah1
Is there an ETA for using .NET Core?

~~~
kevindqc
Are they planning on using .NET Core? With no UI?

~~~
nwah1
I assume there's plenty of options... Qt or gtk bindings, electron, etc

Looks like Xamarin is building full cross-platform support via XAML

[https://blog.xamarin.com/glimpse-future-xamarin-
forms-3-0/](https://blog.xamarin.com/glimpse-future-xamarin-forms-3-0/)

Avalonia seems like a straightforward reimplementation of WPF that is already
usable.

[https://github.com/AvaloniaUI/Avalonia](https://github.com/AvaloniaUI/Avalonia)

DotVVM is working on electron support, and I work with it already. I like it.

[https://github.com/riganti/dotvvm-
electron](https://github.com/riganti/dotvvm-electron)

