Jump to: navigation, search

Dev/Password Manager

< Dev

Password Manager Comparison Table[edit]

The following table compares the features and status of three password managers that were suggested to be included in Whonix. Data was acquired in March, 2014.

KeePass KeePassX Figaro's Password Manager 2
Homepage http://keepass.info https://www.keepassx.org/ http://als.regnet.cz/fpm2/
Debian package http://packages.qa.debian.org/keepass2 http://packages.qa.debian.org/keepassx http://packages.qa.debian.org/fpm2
Latest version 2.25 [1] 2.0 Alpha 5 [2] 0.79 [3]
Debian version (stable / testing) 2.19 / 2.25 [4] 0.4.3 [5] 0.79 [6]
Used in other security-focused distributions No [7] Tails [8] Liberte Linux [9]
Libraries Mono 2.6 [10] Qt 4.3 [11] GTK2 [12]
Popularity contest statistics (rounded) 1750 [13] 4300 [14] 250 [15]
Download archive size (rounded) 7400 kB [16] 1150 kB [17] 150 kB [18]
Additional disk space needed (rounded) 22100 kB [19] 3150 kB [20] 550 kB [21]
Size installed (rounded) 2150 k [22] 3100 k [23] 500 k [24]
Block ciphers AES [25] AES or Twofish [26] AES [27]
Key size 256 bits [28] 256 bits [29] 256 bits [30]
Hashing SHA-256 [31] SHA-256 [32] SHA-256 [33]
Key file support Yes [34] Yes [35] Yes [36]
Password generator Yes [37] Yes [38] Yes [39]
Various 0.4.3 is no longer maintained [40]

Discussion[edit]

These are update notes on the password manager choices covered as of 2016:

Candidates:

  • Bruce Schneier's passwordsafe is a good replacement. Its only available in Stretch and Sid.[41][42]


Excluded options:

  • KeePass 2 use not recommended because of their hostile stance against user security. [43]
  • fpm2 was removed from Debian because its upstream development is dead.[44]

Forum Topic[edit]

https://forums.whonix.org/t/done-add-password-manager-by-default/189

Status[edit]

fpm2 is installed by default.

Footnotes[edit]

Many thanks to Tails team for their discussion on the topic of password managers. [45]

  1. http://keepass.info/news/news_all.html
  2. https://www.keepassx.org/news/
  3. http://als.regnet.cz/fpm2/changelog
  4. http://packages.qa.debian.org/keepass2
  5. http://packages.qa.debian.org/keepassx
  6. http://packages.qa.debian.org/fpm2
  7. To the best knowledge of the author
  8. https://tails.boum.org/doc/encryption_and_privacy/manage_passwords/index.en.html
  9. http://dee.su/liberte
  10. http://keepass.info/help/v2/setup.html#mono
  11. https://www.keepassx.org/requirements/
  12. http://als.regnet.cz/fpm2/
  13. http://qa.debian.org/popcon.php?package=keepass2
  14. http://qa.debian.org/popcon.php?package=keepassx
  15. http://qa.debian.org/popcon.php?package=fpm2
  16. apt-get install keepass2
  17. apt-get install keepassx
  18. apt-get install fpm2
  19. apt-get install keepass2
  20. apt-get install keepassx
  21. apt-get install fpm2
  22. aptitude show keepass2
  23. aptitude show keepassx
  24. aptitude show fpm2
  25. http://keepass.info/features.html
  26. https://www.keepassx.org/features/
  27. http://als.regnet.cz/fpm2/about
  28. http://keepass.info/features.html
  29. https://www.keepassx.org/features/
  30. http://als.regnet.cz/fpm2/about
  31. http://keepass.info/features.html
  32. https://www.keepassx.org/features/
  33. http://als.regnet.cz/fpm2/about
  34. http://keepass.info/features.html
  35. https://www.keepassx.org/features/
  36. http://als.regnet.cz/fpm2/about
  37. http://keepass.info/features.html
  38. https://www.keepassx.org/features/
  39. http://als.regnet.cz/fpm2/about
  40. https://www.keepassx.org/bug-reports/
  41. https://packages.debian.org/sid/utils/passwordsafe1
  42. https://www.schneier.com/blog/archives/2014/09/security_of_pas.html
  43. KeePass 2's reaction to a MITM bug report against its Update Check: 8.2.2016 @ 15:45: Received response from Dominik Reichl: The vulnerability will not be fixed. The indirect costs of switching to HTTPS (like lost advertisement revenue) make it a inviable solution.
  44. https://forums.whonix.org/t/add-password-manager-by-default/189/21
  45. https://labs.riseup.net/code/issues/5745

Random News:

Please consider a recurring donation!


Impressum | Datenschutz | Haftungsausschluss

https | (forcing) onion
Share: Twitter | Facebook | Google+
This is a wiki. Want to improve this page? Help welcome, volunteer contributions are happily considered! See Conditions for Contributions to Whonix, then Edit! IP addresses are scrubbed, but editing over Tor is recommended. Edits are held for moderation. Whonix (g+) is a licensee of the Open Invention Network. Unless otherwise noted above, content of this page is copyrighted and licensed under the same Free (as in speech) license as Whonix itself.