Skip to main content

Keepass and KeepassX

The project is to build a Linux Mint machine to have the identical functionality and ergonomics as the existing Windows 10 machine.

This stage relates to password manager, Keepass.

Environment & required functionality

A number of encrypted password vaults synchronise between three machines:

  • The Linux Mint Xfce laptop "Gandalf";
  • The Windows 10 laptop "Legolas";
  • Another Windows 10 machine, name withheld to protect the guilty.

The synchronisation agent is Google Drive in Windows 10, and grive2 in Linux Mint.

Alternatives

My original decision to use Keepass was in 2016 and was based on:

  • Keepass is open-source;
  • Keepass is locally stored, not stored in the cloud;
  • Keepass does not automatically plug into the browser (a plugin permits this if ever necessary);
  • higher security standards at the office, worth deploying at home;
  • portability of the password vault via Google Drive, encrypted such that Google would not be able to slurp data from an otherwise-unencrypted vault.
  • overall solid level of security, with the main vulnerability being the integrity of the password vault, a risk which is easily manageable (regular backups).

There are alternatives to Keepass, but none have the overall comparative advantage of Keepass.

As at Mar2018, the above remains the case.

So the salient strategy is to find an app that is perfectly compatible with the Keepass vault that also runs on Linux.

Software selection

There are three versions of Keepass available for Linux!  What a stroke of luck!

At the time of selecting software, Keepass v2 and KeepassXC seemed to share the same data structure for the vault.

The community seemed to understand the differences between Keepass and KeepassX fairly well.

But it was clear that Keepass needed either Mono or Wine, which strategically doesn't make sense.  The aim of this project is to migrate from Windows to Linux Mint, so using Windows applications at a first resort misses the point.

Installation experience

Gandalf had both KeepassX and KeepassXC installed, one after the other.

In both cases, dead easy:

  • KeepassX was available in the default repositories of Linux Mint, i.e. Synaptic Package Manager > KeepassX (maintained by Ubuntu Developers, so Linux Mint simply shipped it in from Ubuntu).  From Synaptic, select and get Synaptic to download and install it.
  • KeepassXC was available by adding a PPA pherious/keepassxc via Synaptic Package Manager, allowing Synaptic to update its data, then selecting the package in Synaptic and from there downloading and installing it.

User experience

Of the three, Keepass v2 for Windows is undoubtedly the most compatible application for power users.

KeepassX was not.  Very little of the application was accessible by keyboard, not even the menus were properly keyboard-accessible.  It successfully read the password vault, but attempting to autotype via the mouse was just an exercise in futility.  Just as well the app is more-or-less unsupported.  It got uninstalled within an hour; it wasn't worth testing any further.

KeepassXC and Keepass v2 function almost identically, even sharing the same keyboard shortcuts for power users.  For the password manager, I've been able to use Gandalf in the same way I use Legolas.  This is great news: it means the project is being accomplished.

Between Keepass v2 and KeepassXC, I see three main functional differences:

  • KeepassXC can generate passphrases as well as passwords, whereas Keepass v2 can generate only passwords.  This is noteworthy, because passwords (e.g. "7j@CCPFdW+\b8JMkef8nPzmV$zN") are easier for a powerful machine to resolve than passphrases (e.g. "radiantly upgrade racism renovator active retired cozily").  Passphrases are also easier for a human being to type.
  • Keepass v2 can generate passwords with a 9 types of character, whereas KeepassXC generates from the same basic character set, but groups them into only 5 types of character.  Presumably, Keepass v2 has learnt that some websites have really stupid password rules and discriminate against some character types for zero good reason.
  • Keepass v2 can synchronise one database to a remote copy of the same database - which is really useful in a corporate networked environment - whereas KeepassXC can merge databases.  Is this the same functionality, simply with a different name (contrary to the basic English definitions of "synchronise" and "merge")? Possibly, but I don't need to test KeepassXC's function, because I don't need either "merge" or "sync" at home.
Once updated on any one of the three machines, Google Drive/Grive2 did its stuff correctly and ensured changes were propagated correctly to the three machines.

Conclusion

In respect of Keepass, the project is on track to build a Linux Mint machine functionally identical to a Windows 10 machine.

Comments

Post a Comment

Popular posts from this blog

Scanning & OCRring to PDF: Simple Scan, gimagereader and gscan2pdf v NAPS2 for Windows

The project is to build a Linux Mint machine to have the identical functionality and ergonomics as the existing Windows 10 machine. This stage relates to scanning paper documents to PDF and digitising the scanned text via optical character recognition. Environment & required functionality The scan-and-OCR function needs to run on the following machines: The Linux Mint Xfce 18.3 laptop " Gandalf "; A Linux Mint Xfce 18.3 virtual machine " Gimli "; The Windows 10 laptop " Legolas ". In any modern office - whether at home or at work - some transactional documents and documents from public authorities still arrive by snail-mail. This requires the ability to scan all documents, optionally with the digitisation of scanned text (typically via optical character recognition). The hardware is an old HP OfficeJet Pro 276dw, connected to the LAN instead of directly to a workstation. Alternatives There are two strategies: To use the software pr
Post a Comment
Read more

An attempt at full-disk encryption: Vera Crypt

The project is to build a Linux Mint machine to have the identical functionality and ergonomics as the existing Windows 10 machine. This stage relates to testing full-disk encryption using VeraCrypt . Environment & required functionality Full-disk encryption needs to run on the following machines: The Linux Mint Xfce 18.3 laptop " Gandalf "; The Windows 10 laptop " Legolas ". The objective requirement is to protect user data from the physical theft of the physical machine, to provide an additional line of defence against data loss. This is probably more important for Windows than for Linux Mint.   Even so, in both cases, the operating system is likely to log activity which can reveal personal data and user (meta)data. Full-disk encryption does not mitigate against Microsoft’s sinister telemetry functionality, for which the main solutions seem to be: Either to use tools whose developers are constantly on the prowl, hunting for t
Post a Comment
Read more

The Big Bang: Microsoft Windows goes for good, positive adaptations required

On 27Mar2021, Linux Mint ate Microsoft Windows 10 on Legolas. Three months on, I conclude beyond any doubt that wiping out Windows was the best decision I ever made. The second best decision I ever made was to test Linux Mint in Virtual Box five years ago. The third best decision I ever made was to take ownership of the learning curve that migrating in Windows really entails. A quick reminder: what’s Microsoft Windows like nowadays? I still need to use Windows at work. I cannot easily describe how painful it now is to use Windows. So I’ll try to describe it difficultly. My work machine is a powerful beast, but it exhibits constant latency. For a keyboard-orientated power user, this means that some keystrokes go walkabouts when other services on the Windows machine go to nuclear war with each other, scrambling to feed their narcissistic self-importance for besieged system resources wholly at the user’s expense. Something on Windows tends to clear the keyboard buffer randomly, resulting
Post a Comment
Read more