Tuesday, January 16, 2007
Today you need to remember many passwords. You need a password for the Windows network logon, your e-mail account, your homepage's ftp password, online passwords (like CodeProject member account), etc. etc. etc. The list is endless. Also, you should use different passwords for each account. Because if you use only one password everywhere and someone gets this password you have a problem... A serious problem. The thief would have access to your e-mail account, homepage, etc. Unimaginable.
KeePass is a free/open-source password manager or safe which helps you to manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key or a key-disk. So you only have to remember one single master password or insert the key-disk to unlock the whole database. The databases are encrypted using the best and most secure encryption algorithms currently known (AES and Twofish).
Here are the "selling points" of KeePass. To get a first impression, you can also have a look at some of the Screenshots.
* Highly encrypted databases
* Support of master passwords and key-disks
* Runs on all Windows operating systems and doesn't need to be installed
* Export password list to TXT, HTML, XML or CSV files
* Import from CSV, CodeWallet(Pro) TXT and Password Safe v2 TXT files
* Easy database transfer
* Support of password groups
* Time fields and entry attachment support
* Auto-type, global auto-type hot key combination and drag-n-drop support
* Intuitive and secure Windows clipboard handling
* Searching and sorting
* Multi-language support
* Strong random password generator
* Low memory requirement
* Plugin architecture
Highly encrypted databases
* KeePass supports the Advanced Encryption Standard (AES) and the Twofish algorithms to encrypt its password databases.
* Both ciphers are regarded as very secure by the cryptography community. Banks are using these algorithms, too.
* Even if you would use all computers in the world to attack one database, decrypting it would take longer than the age of the universe.
* Even quantum computers won't help that much. The algorithms are symmetric so its complexity would be reduced a bit, anyway, the sun will go nova before you have decrypted the database.
* The complete database is encrypted, not only the password fields. So your usernames, notes, etc. are hidden, too.
* SHA-256 is used as password hash. SHA-256 is a 256-bit cryptographically secure one-way hash function. Your master password is hashed using this algorithm and its output is used as key for the encryption algorithms (AES and Twofish).
* In contrast to many other hashing algorithms, no attacks are known yet against SHA-256.
* In-memory passwords protection: your passwords are encrypted while KeePass is running, so even if Windows caches the KeePass process to disk, this wouldn't reveal your passwords anyway.
* Security-enhanced password edit controls: KeePass is the first password safe that has security-enhanced password edit controls. None of the available password edit control spies work against the controls used in KeePass. The passwords entered in those controls aren't even visible in the process memory of KeePass.
Support of master passwords and key-disks
* One master password decrypts the complete database.
* Alternatively you can use key-disks. Key-disks provide better security than master passwords in most cases. You only have to carry the key-file with you, for example on a floppy disk, or you can burn it on CD. Of course, you shouldn't lose this disk then.
* For even more security you can combine the above two methods: the database then requires the key-disk and the password in order to be unlocked. Even if you lose your key-disk, the database would remain secure.
Runs on all Windows operating systems and doesn't need to be installed
* KeePass doesn't, in contrast to many other applications, use any functions that require the latest Windows operating system, such like theming on XP or like a .NET application that requires a .NET framework (KeePass supports XP themes, but doesn't require this operating system capability).
* The application doesn't need to be installed. The KeePass development team provides you an installer which automates creating links in the startmenu etc., but you also can download the binary zip package which contains only the main executable. This executable runs fine without installing anything.
* KeePass doesn't store anything on your system. The program doesn't create any new registry keys and it doesn't create any initialization files (ini) in your Windows directory. Deleting the KeePass directory (in case you downloaded the binary zip package) or using the uninstaller (in case you downloaded the installer package) leaves no trace of KeePass on your system.
* KeePass runs, without downloading any additional libraries, on Windows 95, 98, 98SE, ME, NT, 2000, XP (Home & Pro, 32-bit & 64-bit), 2003 and Vista.
* Even a 100% compatible version for the PocketPC is available
Export password list to TXT, HTML, XML or CSV files
* The password list can be exported to various formats like TXT, HTML, XML and CSV.
* The XML output can be easily used in other applications (you can re-import XML files into KeePass using a plugin).
* The CSV output is fully compatible with most other password safes like the commercial closed-source Password Keeper and the closed-source Password Agent, also the CSVs can be imported by spreadsheet applications like Microsofts Excel or OpenOffice's Calc.
* The HTML output uses cascading style sheets (CSS) to format the table, so you can easily change the layout.
* Many other file formats are supported through KeePass plugins.
Import from CSV, CodeWallet(Pro) TXT and Password Safe v2 TXT files
* KeePass uses the common CSV export format of various passwords safes like Password Keeper and Password Agent. Exports from these programs can be easily imported to your KeePass databases.
* KeePass can parse and import TXT outputs of CodeWalletPro, a commercial closed-source password safe.
* KeePass can import TXT files created by Bruce Schneier's Password Safe v2.
* Many other file formats are supported through KeePass plugins.
Easy database transfer
* A password database consists of only one file that can be transferred from one computer to another easily.
Support of password groups
* You can create, modify and delete groups, in which passwords can be sorted into.
* The groups can be arranged as a tree, so a group can have subgroups, those subgroups can have subgroups themselves, etc.
Time fields and entry attachment support
* KeePass supports time fields: creation time, last modification time, last access time and expiration time.
* You can attach files to password entries (useful to store PGP signature files in KeePass for example).
Auto-type, global auto-type hot key combination and drag-n-drop support
* KeePass can minimize itself and type the information of the currently selected entry into dialogs, webforms, etc. Of course, the typing-sequence is 100% user-customizable, read the documentation file for more.
* KeePass features a global auto-type hot key. When KeePass is running in the background (with opened database) and you press the hot key, it looks up the correct entry and executes its auto-type sequence.
* All fields, title, username, password, URL and notes can be drag-n-dropped into other windows.
Intuitive and secure Windows clipboard handling
* Just double-click on any field of the password list to copy its value to the Windows clipboard.
* Timed clipboard clearing: KeePass can clear the clipboard automatically some time after you've copied one of your passwords into it.
* Protection against clipboard monitors (other applications won't get notifications that the clipboard content has been changed).
* Paste-once functionality: allow only one paste operation, after pasting the clipboard is cleared automatically by KeePass.
Searching and sorting
* You can search for specific entries in the databases.
* To sort a password group, just click on one of the column headers in the password list, you can sort by any column.
* KeePass can be translated into other languages very easily.
* Over 20 different languages are available already.
Strong random password generator
* KeePass can generate strong random passwords for you.
* You can define the possible output characters of the generator (number of characters and type).
* Random seeding through user input: mouse movement and random keyboard input.
Low memory requirement
* KeePass uses very few memory, only the memory really needed is allocated.
* No unnecessary memory- and CPU-consuming things like any animations are used.
* Other people can write plugins for KeePass.
* Plugins can extend the functionality of KeePass, like providing additional import/export methods for other file formats.
* KeePass free and you have full access to its source code!
* Open-Source prevents from backdoors. You can have a look at its source code and compile it yourself.
* You can yourself check if the security is implemented correctly, you can, if you want, use any other encryption algorithm.
* Opening the sources also encourages other people to port the application to other systems (PocketPC version already in development) or write translations.
* KeePass is OSI Certified Open Source Software. OSI Certified is a certification mark of the Open Source Initiative.