Skip to main content

Keepass and KeepassX

The project is to build a Linux Mint machine to have the identical functionality and ergonomics as the existing Windows 10 machine.

This stage relates to password manager, Keepass.

Environment & required functionality

A number of encrypted password vaults synchronise between three machines:

  • The Linux Mint Xfce laptop "Gandalf";
  • The Windows 10 laptop "Legolas";
  • Another Windows 10 machine, name withheld to protect the guilty.

The synchronisation agent is Google Drive in Windows 10, and grive2 in Linux Mint.

Alternatives

My original decision to use Keepass was in 2016 and was based on:

  • Keepass is open-source;
  • Keepass is locally stored, not stored in the cloud;
  • Keepass does not automatically plug into the browser (a plugin permits this if ever necessary);
  • higher security standards at the office, worth deploying at home;
  • portability of the password vault via Google Drive, encrypted such that Google would not be able to slurp data from an otherwise-unencrypted vault.
  • overall solid level of security, with the main vulnerability being the integrity of the password vault, a risk which is easily manageable (regular backups).

There are alternatives to Keepass, but none have the overall comparative advantage of Keepass.

As at Mar2018, the above remains the case.

So the salient strategy is to find an app that is perfectly compatible with the Keepass vault that also runs on Linux.

Software selection

There are three versions of Keepass available for Linux!  What a stroke of luck!

At the time of selecting software, Keepass v2 and KeepassXC seemed to share the same data structure for the vault.

The community seemed to understand the differences between Keepass and KeepassX fairly well.

But it was clear that Keepass needed either Mono or Wine, which strategically doesn't make sense.  The aim of this project is to migrate from Windows to Linux Mint, so using Windows applications at a first resort misses the point.

Installation experience

Gandalf had both KeepassX and KeepassXC installed, one after the other.

In both cases, dead easy:

  • KeepassX was available in the default repositories of Linux Mint, i.e. Synaptic Package Manager > KeepassX (maintained by Ubuntu Developers, so Linux Mint simply shipped it in from Ubuntu).  From Synaptic, select and get Synaptic to download and install it.
  • KeepassXC was available by adding a PPA pherious/keepassxc via Synaptic Package Manager, allowing Synaptic to update its data, then selecting the package in Synaptic and from there downloading and installing it.

User experience

Of the three, Keepass v2 for Windows is undoubtedly the most compatible application for power users.

KeepassX was not.  Very little of the application was accessible by keyboard, not even the menus were properly keyboard-accessible.  It successfully read the password vault, but attempting to autotype via the mouse was just an exercise in futility.  Just as well the app is more-or-less unsupported.  It got uninstalled within an hour; it wasn't worth testing any further.

KeepassXC and Keepass v2 function almost identically, even sharing the same keyboard shortcuts for power users.  For the password manager, I've been able to use Gandalf in the same way I use Legolas.  This is great news: it means the project is being accomplished.

Between Keepass v2 and KeepassXC, I see three main functional differences:

  • KeepassXC can generate passphrases as well as passwords, whereas Keepass v2 can generate only passwords.  This is noteworthy, because passwords (e.g. "7j@CCPFdW+\b8JMkef8nPzmV$zN") are easier for a powerful machine to resolve than passphrases (e.g. "radiantly upgrade racism renovator active retired cozily").  Passphrases are also easier for a human being to type.
  • Keepass v2 can generate passwords with a 9 types of character, whereas KeepassXC generates from the same basic character set, but groups them into only 5 types of character.  Presumably, Keepass v2 has learnt that some websites have really stupid password rules and discriminate against some character types for zero good reason.
  • Keepass v2 can synchronise one database to a remote copy of the same database - which is really useful in a corporate networked environment - whereas KeepassXC can merge databases.  Is this the same functionality, simply with a different name (contrary to the basic English definitions of "synchronise" and "merge")? Possibly, but I don't need to test KeepassXC's function, because I don't need either "merge" or "sync" at home.
Once updated on any one of the three machines, Google Drive/Grive2 did its stuff correctly and ensured changes were propagated correctly to the three machines.

Conclusion

In respect of Keepass, the project is on track to build a Linux Mint machine functionally identical to a Windows 10 machine.

Comments

Popular posts from this blog

OnlyOffice: keyboard inaccessible, so not useable, therefore not tested

I installed OnlyOffice https://www.onlyoffice.com/. I had intended to test it with my now-standard test suite of two linked workbooks.

Unfortunately, in spite of a promising look, I quickly discovered that - with one exception - everything was navigable only by mouse.

That makes it a child's toy.  Unfit for purpose!  No point in testing it further.

I uninstalled it within 10 minutes of installing it.


Adjusting screen brightness

The machine on which Linux Mint is installed an old Acer Aspire 5732Z ("Gandalf")

It has buttons to adjust the brightness of the screen's backlight.  When the user uses these buttons, Linux Mint correctly presented a fading-popup box (a slider bar) to denote relative brightness.  But Linux Mint did not actually adjust the brightness of the screen.

It seems to be a known issue in the Linux Mint forums and solved in multiple  stages by the Easy Tips Project.

I followed the instructions on Easy Tips section 5.2 in Gandalf's admin account, then re-booted, then logged in using the user account, and the brightness adjustment function worked correctly.

Easy Tips asks the user to discover the relevant property of the machine, then creates a file that contains a script of parameters that other programs in Linux Mint understand.

This method worked for Gandalf, because Gandalf has an integrated Intel chipset.

Useful commands at the Terminal ALT+T (or the Mint) menu gets to the …