Results 1 to 9 of 9

Thread: Is KeePass truly safe?

  1. #1
    Join Date
    Mar 2012
    Beans
    37

    Is KeePass truly safe?

    Hello,

    I want to use a password manager, preferably a open source one, like KeePass. But as I'm paranoid about literally ALL things, I was wondering if this programme is safe at all to use?

    When talking about "safe", I mean: can this programme send data to cyber criminals or others? I know it's open source, so everyone can look into the source code, but I'm still worried.

    I also intend to use this programme on Windows; is keepass.info the legitimate, official website?


    Thank you very much in advance.

  2. #2
    Join Date
    Sep 2006
    Location
    France.
    Beans
    Hidden!
    Distro
    Ubuntu Mate 16.04 Xenial Xerus

    Re: Is KeePass truly safe?

    I use KeepassX https://www.keepassx.org/
    Works on all platforms. if you are really concerned, in addition of a password, you can set it up to require a file be present on the device you open the db from.
    I use it on both Linux and Mac OSX, there is a windows version.
    Last edited by bapoumba; March 10th, 2014 at 10:49 PM.
    | My old and mostly abandoned blog |
    Linux user #413984 ; Ubuntu user #178
    J'aime les fraises.
    Nighty night me lovelies!

    | Reinstalling Ubuntu ? Please check this bug first ! |
    | Using a ppa ? Please install ppa-purge from universe, you may need it should you want to revert packages back |
    | No support requests / username changes by PM, thanks. |
    [SIGPIC][/SIGPIC]

  3. #3
    Join Date
    Apr 2009
    Beans
    234
    Distro
    Xubuntu 16.04 Xenial Xerus

    Re: Is KeePass truly safe?

    Unless you are willing and able to check the source code for yourself you're pretty much stuck with trusting it as is. The keepass.info site is linked from sourceforge which makes it legit to me. A 'whois' on the URL looks OK, too.

    So if your data and comms are as sensitive as mine - as in NOT - you're good to go. If they are really, really sensitive, then maybe someone else here may have pointers for you.

  4. #4
    Join Date
    Mar 2012
    Beans
    37

    Re: Is KeePass truly safe?

    Hello,

    Thank you for the replies. So this won't contain any spyware since it's hosted on sourceforge? I'd like to hear some other opinions/experiences too.

  5. #5
    Join Date
    Jun 2011
    Beans
    357

    Re: Is KeePass truly safe?

    You won't know it is safe for sure unless you either audit the code or monitor your network traffic. that being said, KeePass has been around for some time now. If it were doing things like calling home someone probably would have noticed by now.

  6. #6
    Join Date
    Oct 2005
    Location
    Al Ain
    Beans
    9,095

    Re: Is KeePass truly safe?

    Howdy,

    Let me put it this way:
    Keepass is most probably safe, since it is an old and active project, but if your computer is compromised then all bets are off.
    However, if you only use Linux and Mac with Keepass, then you are most probably safe.

    I use it with two databases: The common things I need on all my devices, and the sensitive things I need for work, which are only accessible on a few devices.

    A good way to make Keepass accessible on all your devices, is via Dropbox, Copy, Spideroak or similar public FTP services. Simply put the database in the dropbox (or other) folder and it will be synched to all machines and cell phones you need it on. It really works like a charm.

  7. #7
    Join Date
    Feb 2005
    Location
    France
    Beans
    3
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Is KeePass truly safe?

    Sometime ago (2010), Keepass has been reviewed and certified by French national Information Security org. Security audit here (in French...):
    http://www.ssi.gouv.fr/fr/produits-e...n_2010_07.html

  8. #8
    Join Date
    Sep 2006
    Location
    France.
    Beans
    Hidden!
    Distro
    Ubuntu Mate 16.04 Xenial Xerus

    Re: Is KeePass truly safe?

    Quote Originally Posted by phedon View Post
    Sometime ago (2010), Keepass has been reviewed and certified by French national Information Security org. Security audit here (in French...):
    http://www.ssi.gouv.fr/fr/produits-e...n_2010_07.html
    Certified on Windows, but certified nonetheless
    | My old and mostly abandoned blog |
    Linux user #413984 ; Ubuntu user #178
    J'aime les fraises.
    Nighty night me lovelies!

    | Reinstalling Ubuntu ? Please check this bug first ! |
    | Using a ppa ? Please install ppa-purge from universe, you may need it should you want to revert packages back |
    | No support requests / username changes by PM, thanks. |
    [SIGPIC][/SIGPIC]

  9. #9
    Join Date
    Oct 2005
    Location
    Al Ain
    Beans
    9,095

    Re: Is KeePass truly safe?

    Note that if you are truly paranoid about Keepass leaking data, then you should not be using Ubuntu in the first place. So, first install Redhat Linux, then use SELinux to isolate KeepassX...

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •