Skip to main content

Keepass and KeepassX

The project is to build a Linux Mint machine to have the identical functionality and ergonomics as the existing Windows 10 machine.

This stage relates to password manager, Keepass.

Environment & required functionality

A number of encrypted password vaults synchronise between three machines:

  • The Linux Mint Xfce laptop "Gandalf";
  • The Windows 10 laptop "Legolas";
  • Another Windows 10 machine, name withheld to protect the guilty.

The synchronisation agent is Google Drive in Windows 10, and grive2 in Linux Mint.

Alternatives

My original decision to use Keepass was in 2016 and was based on:

  • Keepass is open-source;
  • Keepass is locally stored, not stored in the cloud;
  • Keepass does not automatically plug into the browser (a plugin permits this if ever necessary);
  • higher security standards at the office, worth deploying at home;
  • portability of the password vault via Google Drive, encrypted such that Google would not be able to slurp data from an otherwise-unencrypted vault.
  • overall solid level of security, with the main vulnerability being the integrity of the password vault, a risk which is easily manageable (regular backups).

There are alternatives to Keepass, but none have the overall comparative advantage of Keepass.

As at Mar2018, the above remains the case.

So the salient strategy is to find an app that is perfectly compatible with the Keepass vault that also runs on Linux.

Software selection

There are three versions of Keepass available for Linux!  What a stroke of luck!

At the time of selecting software, Keepass v2 and KeepassXC seemed to share the same data structure for the vault.

The community seemed to understand the differences between Keepass and KeepassX fairly well.

But it was clear that Keepass needed either Mono or Wine, which strategically doesn't make sense.  The aim of this project is to migrate from Windows to Linux Mint, so using Windows applications at a first resort misses the point.

Installation experience

Gandalf had both KeepassX and KeepassXC installed, one after the other.

In both cases, dead easy:

  • KeepassX was available in the default repositories of Linux Mint, i.e. Synaptic Package Manager > KeepassX (maintained by Ubuntu Developers, so Linux Mint simply shipped it in from Ubuntu).  From Synaptic, select and get Synaptic to download and install it.
  • KeepassXC was available by adding a PPA pherious/keepassxc via Synaptic Package Manager, allowing Synaptic to update its data, then selecting the package in Synaptic and from there downloading and installing it.

User experience

Of the three, Keepass v2 for Windows is undoubtedly the most compatible application for power users.

KeepassX was not.  Very little of the application was accessible by keyboard, not even the menus were properly keyboard-accessible.  It successfully read the password vault, but attempting to autotype via the mouse was just an exercise in futility.  Just as well the app is more-or-less unsupported.  It got uninstalled within an hour; it wasn't worth testing any further.

KeepassXC and Keepass v2 function almost identically, even sharing the same keyboard shortcuts for power users.  For the password manager, I've been able to use Gandalf in the same way I use Legolas.  This is great news: it means the project is being accomplished.

Between Keepass v2 and KeepassXC, I see three main functional differences:

  • KeepassXC can generate passphrases as well as passwords, whereas Keepass v2 can generate only passwords.  This is noteworthy, because passwords (e.g. "7j@CCPFdW+\b8JMkef8nPzmV$zN") are easier for a powerful machine to resolve than passphrases (e.g. "radiantly upgrade racism renovator active retired cozily").  Passphrases are also easier for a human being to type.
  • Keepass v2 can generate passwords with a 9 types of character, whereas KeepassXC generates from the same basic character set, but groups them into only 5 types of character.  Presumably, Keepass v2 has learnt that some websites have really stupid password rules and discriminate against some character types for zero good reason.
  • Keepass v2 can synchronise one database to a remote copy of the same database - which is really useful in a corporate networked environment - whereas KeepassXC can merge databases.  Is this the same functionality, simply with a different name (contrary to the basic English definitions of "synchronise" and "merge")? Possibly, but I don't need to test KeepassXC's function, because I don't need either "merge" or "sync" at home.
Once updated on any one of the three machines, Google Drive/Grive2 did its stuff correctly and ensured changes were propagated correctly to the three machines.

Conclusion

In respect of Keepass, the project is on track to build a Linux Mint machine functionally identical to a Windows 10 machine.

Comments

Post a Comment

Popular posts from this blog

Scanning & OCRring to PDF: Simple Scan, gimagereader and gscan2pdf v NAPS2 for Windows

The project is to build a Linux Mint machine to have the identical functionality and ergonomics as the existing Windows 10 machine. This stage relates to scanning paper documents to PDF and digitising the scanned text via optical character recognition. Environment & required functionality The scan-and-OCR function needs to run on the following machines: The Linux Mint Xfce 18.3 laptop " Gandalf "; A Linux Mint Xfce 18.3 virtual machine " Gimli "; The Windows 10 laptop " Legolas ". In any modern office - whether at home or at work - some transactional documents and documents from public authorities still arrive by snail-mail. This requires the ability to scan all documents, optionally with the digitisation of scanned text (typically via optical character recognition). The hardware is an old HP OfficeJet Pro 276dw, connected to the LAN instead of directly to a workstation. Alternatives There are two strategies: To use the software pr
Post a Comment
Read more

Status report: wholesale migration from Windows to Linux is not functionally possible

As at mid-May2019 , it was clear that the path to migration from Windows to Linux was obstructed by a lack of apps that are fit-for-purpose being available in the Linux environment. Since May2019, there has been no change to the apps/functionalities then listed in the section, "Path to migration is obstructed by apps which are incompatible or otherwise unusable."  Developments in the interim have merely confirmed that the apps available for the Linux environment are not fit-for-purpose, and are unlikely to be fit-for-purpose for the foreseeable future . So, it's time for a change of tack.  The time is right to deploy Occam's Razor. In short, the Linux Mint offers a perfect solution to the jaded Windows user.  The only problem with Linux Mint is not of Linux Mint's making.  The problem is a lack of apps that are fit-for-purpose in the Linux environment.  By fit-for-purpose, I mean apps that meet the hygiene requirements of office-based, corporate lackeys who
Post a Comment
Read more

An attempt at full-disk encryption: Vera Crypt

The project is to build a Linux Mint machine to have the identical functionality and ergonomics as the existing Windows 10 machine. This stage relates to testing full-disk encryption using VeraCrypt . Environment & required functionality Full-disk encryption needs to run on the following machines: The Linux Mint Xfce 18.3 laptop " Gandalf "; The Windows 10 laptop " Legolas ". The objective requirement is to protect user data from the physical theft of the physical machine, to provide an additional line of defence against data loss. This is probably more important for Windows than for Linux Mint.   Even so, in both cases, the operating system is likely to log activity which can reveal personal data and user (meta)data. Full-disk encryption does not mitigate against Microsoft’s sinister telemetry functionality, for which the main solutions seem to be: Either to use tools whose developers are constantly on the prowl, hunting for t
Post a Comment
Read more