KeePassXC Audit Report

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com

  • browserpass-extension

    Browserpass web extension

    pass (passwordstore.org) backed by a remote git repo works well across Linux, Windows, macOS, iOS, and Android, as all of them have decent clients available and there is working browser integration for all popular browsers using browserpass (https://github.com/browserpass/browserpass-extension).

    The learning curve to understand all the moving pieces and the initial setup can be more hassle than many are willing to put up with, but after the initial legwork is done, adding new devices is not that much more complicated than what it is on paid services, and using it is as simple as any of the popular services, IMHO.

  • csync

    I encrypt with gpg and upload the .xkdb file (itself already encrypted) to a server I have access to with scp.

    Not manually, and not only for this file: this is a system I have to sync the files I want across different machines, by running a little program I wrote (https://gitlab.com/jordibc/csync just in case). I would use syncthing otherwise, but this system has several advantages for me.

    If I didn't have access to an online server, I'd use some cloud storage for the same thing.

  • keepassxc

    KeePassXC is a cross-platform community-driven port of the Windows application “Keepass Password Safe”.

    database is locked though. See https://github.com/keepassxreboot/keepassxc/issues/7335 for progress on this issue

    Then again, the PDF mysteriously doesn't indicate which words are hyperlinked and so maybe I just didn't wave my cursor over enough words to find those references

    Also, because the outer blogpost didn't mention it (although it is in the actual PDF) the auditor is https://molotnikov.de/cv and it says they work for AWS as a Senior Security Architect. I didn't see anything especially C++ focused, but I guess any independent audit is better than none

  • Cameleonica

    Safe cryptographic steganographic advanced filesystem

    RAM does not get wiped when you power off[1] and cold boot attacks[2] are possible.

    [1] https://github.com/arekbulski/Cameleonica/blob/master/docume...

    [2] https://www.usenix.org/legacy/event/sec08/tech/full_papers/h...

NOTE: The number of mentions on this list indicates mentions on common posts plus user-suggested alternatives. Hence, a higher number means a more popular project.
