Talk:KeePass
This is the talk page for discussing improvements to the KeePass article. This is not a forum for general discussion of the article's subject. |
Article policies
|
Find sources: Google (books · news · scholar · free images · WP refs) · FENS · JSTOR · TWL |
This page was proposed for deletion by an editor in the past. |
This article was nominated for deletion on 14 July 2013 (UTC). The result of the discussion was keep. |
This article is rated C-class on Wikipedia's content assessment scale. It is of interest to multiple WikiProjects. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Copyright
editIs this a copyvio from here? There are many exactly duplicated sentences in each, and a copyright is claimed on the linked page.--Hansnesse 19:03, 21 January 2006 (UTC)
NPOV
editThe entire article reads like an argument for using KeePass. I added the {advertisement} tag for cleanup. Paul6743 04:10, 21 October 2006 (UTC)
.NET
editNote that KeePass version 2 (currently in alpha) is written entirely in .NET, unlike the current 1.x who doesn't need it. grawity 18:51, 31 March 2007 (UTC)
Not an Advertisement
editI know nothing about this software, and the article does read like advocacy. However, most if not all of the statements that it makes are empirically verifiable or falsifiable claims. Unless there's clear evidence that some of the material is untrue, it merits rewriting more than deletion. kraemer 05:16, 10 July 2007 (UTC)
Cryptanalysis?
editHas anyone done an attack or a produce cryptanalysis report to prove its credibility.
Flaws, Drawbacks, Shortcomings or Criticism?
editThis may be a well-written program or not, but I have no personal knowledge either way. However, in order to have/maintain NPOV and following on the comment in "Cryptanalysis?" above, I think there should be a section included about known or potential issues with this software. Two items come to mind: (1) someone only needs to crack a single password to have access to 50 or so others, and; (2) if the password file has a fixed (or even default) filename, it would be a logical target for code crackers. It seems like the latter is indirectly addressed in the current version of the article, but it could be clearer IMHO.
- Even if you have the actual file sent to you for cracking, if it is secured by a reasonably long master password (like 12 random characters) it will do you no good. A firsthand report of such a failed attempt can be found at http://www.excivity.com/ComputeCycle/cracking-keepass-passwords/ - the reason why this is so is explained in the KeePass documentation - the file is encrypted many times over so that it actually takes a real amount of time for each try. Cynebeald (talk) 16:26, 26 September 2012 (UTC)
I found out about this program at about the same time from our (large, trustworthy) corporate IT department and from a monthly newsletter from HP. I was concerned when I looked it up and didn't find a discussion of the potential problems I mentioned above. If KeePass has already addressed these issues, it should be mentioned.--CheMechanical (talk) 17:12, 27 January 2008 (UTC)
Comparison with built-in OS solutions?
editI would be interested on how this compares to e.g. Apple Keychain in terms of encryption / hackability. The same holds for any Windows-own password storage if there is any. Perhaps this information should also onto the appropriate pages for OS-included password databases. —Preceding unsigned comment added by 85.176.183.231 (talk) 05:48, 10 July 2008 (UTC)
As per my comments below on OpenSource - Both KeyChain and KeyPass are safe. Given what these programmes do that is paramount - above even the user interface and functionality. — Preceding unsigned comment added by 84.92.230.173 (talk) 12:29, 7 November 2015 (UTC)
Data Fields
editIn my current task of evaluating different Password keeper/manager programs for both Mac and Windows, I would like to add a section which lists the data items that KeePass (and KeePassX) store. Any objections to my adding that as a new section? Beginnersview (talk) 10:00, 15 September 2008 (UTC)
KeePassX
editThe article KeePassX was merged into this one, and now redirects here, however, there is almost no mention of KeePassX; just one sentance that links to KeePassX, which redirects here. HuGo_87 (talk) 16:32, 18 April 2011 (UTC)
- HuGo_87, Good point. I added an external link and the logo. Keith Cascio (talk) 02:56, 1 January 2012 (UTC)
- KeePassX is not KeePass! It started as a KeePass clone, KeePass/L for Linux, but since long is a software on its own, also available for Windows. It shouldn't be merged with KeePass. You don't merge other password managers too... JaKi143 (talk) 14:52, 15 September 2013 (UTC)
I agree with this; KeePassX should have a separate page. AdmiredSneeze (talk) 14:29, 6 January 2016 (UTC)
Brief Security Audit Paper - 2014
editThis could be useful in assessing KeePass's security:
https://www.usenix.org/system/files/conference/usenixsecurity14/sec14-paper-silver.pdf
KeeFox
editThe version is 1.4.6 - Released 2015 Jan 15 on Mozilla Addons Page 69.230.97.74 (talk) 05:43, 27 January 2015 (UTC)
Security issue?
edithttps://news.ycombinator.com/item?id=9727297 — Preceding unsigned comment added by 109.106.59.240 (talk) 21:46, 16 June 2015 (UTC)
- It is a forum post, not anywhere near WP:RS - Ahunt (talk) 19:18, 17 June 2015 (UTC)
Open Source
editI feel one of the biggest threats in a password manager is simply that it has a back door. A password manager written by a small company or private individual could in theory become popular through a good interface design and other facilities - only to be "harvested" via internet of everyone's bank account details a few years further down the road. Consequently there are only two forms of password manager worthy of trust and they are 1) Those promoted by multinationals of some intrinsic standing (Microsoft, Apple, IBM, HP...) who would have so much to lose from such a product going rogue it can then be assumed trusted if it carries their name 2) Programs that are managed by an open source community where the code can be freely inspected - which does not undo the security as that still needs the password - it just makes plain there is nowhere for malicious code to hide.
Not only should this article make plain this is the case with KeyPass - all such articles about open source should mention it prominently.
I feel sorry about small independents making such software re my comment, but frankly they should not be coding and promoting such things.
- By an IT professional and long term user of KeyPass, despite any shortcomings; entirely due to the above. ** — Preceding unsigned comment added by 84.92.230.173 (talk) 12:27, 7 November 2015 (UTC)
- Lawl, better read Dual_EC_DRBG and . Multinationals will sell you for the highest bid. --分液漏斗 (talk) 18:26, 13 June 2016 (UTC)
Do you trust that there is no backdoor in Bit Locker simply because it is the product of a large corporation? I don't. Gentleman wiki (talk) 09:14, 11 March 2017 (UTC)
EU-FOSSA security software audit underway
editNot sure if this is already worth including, but the EU-FOSSA project is currently auditing KeePass. Just as a note, maybe someone wants to work it in or keep track, and work in the results. https://joinup.ec.europa.eu/community/eu-fossa/home 149.172.134.6 (talk) 15:01, 27 August 2016 (UTC)
Cryptography
editWithout being too technical there should be a mention of the user configurable key derivation function. Notably Argon2 is now available which is indeed very interesting. Gentleman wiki (talk) 02:20, 8 March 2017 (UTC)
- Do you have a ref that explains that? - Ahunt (talk) 02:27, 8 March 2017 (UTC)
- There is no official user manual, all the information is on several web pages. Specifically for the KDF it is here. Gentleman wiki (talk) 18:56, 13 April 2017 (UTC)
External links modified
editHello fellow Wikipedians,
I have just modified one external link on KeePass. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:
- Added archive https://web.archive.org/web/20060217114706/http://www.codeproject.com/editctrl/SecEditEx.asp to http://www.codeproject.com/editctrl/SecEditEx.asp
When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.
This message was posted before February 2018. After February 2018, "External links modified" talk page sections are no longer generated or monitored by InternetArchiveBot. No special action is required regarding these talk page notices, other than regular verification using the archive tool instructions below. Editors have permission to delete these "External links modified" talk page sections if they want to de-clutter talk pages, but see the RfC before doing mass systematic removals. This message is updated dynamically through the template {{source check}}
(last update: 5 June 2024).
- If you have discovered URLs which were erroneously considered dead by the bot, you can report them with this tool.
- If you found an error with any archives or the URLs themselves, you can fix them with this tool.
Cheers.—InternetArchiveBot (Report bug) 16:46, 3 May 2017 (UTC)
"Keep ass" listed at Redirects for discussion
editAn editor has asked for a discussion to address the redirect Keep ass. Please participate in the redirect discussion if you wish to do so. Shhhnotsoloud (talk) 12:55, 1 April 2020 (UTC)
Yes, let's discuss this, quickly, until April 1st is over ;-) -- Evilninja (talk) 16:47, 1 April 2020 (UTC)
KeePassium and other list entry removals
editNot a KeePass derivative
|
---|
I disagree that the following contribution was not notable and looks like Spam. We can always discuss here what‘s notable or not but I hate deletions that remind me on the behavior of the Deletion Mafia on Wikipedia.de experienced years ago deleting contributions of other authors having a different perception or understanding of what‘s noteable. KeePassium entry removed as not noteableedit
I also hate Spam and have been an active contributor for a long time. What’s relevant for me and others might not be relevant for you, but can’t we accept others having a different opinion and discuss before delete? That‘s what these pages are existing for, or? WikipediaMaster Arguments for removaledit
Excuse meeditSorry if you felt accused, that was not my intention, but there are so many things noteable not existing yet as article in Wikipedia and that's why the wiki system actually got designed in the way that noteable missing articles appear with red links so other users or authors can pick up on it. Notability and perceptioneditIt's also noteable that notable isn't defined like you try to define it here on Wikipedia as you do so to be able to find a reason for the deletion of my contribution just as you don't agree it is noteable enough yet. I agree there are many forks but this is quite sure one of the most noteable once for iOS I have seen and used since MiniKeePass has been discontinued. I agree it looks a bit like promotion as I referenced it’s website (not as Spam but) as relevant information source due to the fact that I am not the only user (following AppStore ratings) seeing it as a remarkable high quality fork for iOS. Following the idea of Wikipedia it’s important we continue promoting the creation of new articles using wiki syntax like I did instead of fighting for opinions that don‘t fit with your, my or a third parties idea about what’s relevant or not to be added to Wikipedia. It‘s fine we are both here because it‘s for the same purpose! Greetings from WikipediaMaster The Problem …edit
… Not a problemedit
Excerpt from Wikipedia Notability guidelineseditNotability guidelines do not apply to content within articles or lists. (They apply e.g. to the CREATION of stand alone lists, not to the contents.) The criteria applied to the creation or retention of an article are not the same as those applied to the content inside it. The notability guideline does not apply to the contents of articles. It also does not apply to the contents of stand-alone lists, unless editors agree to use notability as part of the list selection criteria. Content coverage within a given article or list (i.e. whether something is noteworthy enough to be mentioned within the article or list) is governed by the principle of due weight, balance, and other content policies. WikipediaMaster (talk) 12:13, 5 March 2023 (UTC) Missing editor agreement on 2019 deletionseditThere is no clear editor agreement regarding the List of KeePass forks or derivates removed by user: Ahunt in 2019 as „not notable“. Fact is that the deletion got never discussed before, so the principle of due weight, balance, and other content policies being applied correctly can at least be questioned here. Find below the list entries that got removed in 2019. WikipediaMaster (talk) 12:13, 5 March 2023 (UTC) Unofficial KeePass derivativesedit
WikipediaMaster (talk) 12:13, 5 March 2023 (UTC) References
Edit consensus and timeedit
|
Can anyone update the main page to version 2.56?
editI can't figure out how to update it. Pineconefoxowlyipman (talk) 05:57, 27 March 2024 (UTC)