KeePass vs. Password Safe -- Secure?

Hi Guys!

From the point of view of security, is KeePass just as secure as the Password Safe associated with Bruce Schneier? I find KeePass easier to use.

Thanks.

george75

 

Safe as can be. Ask yourself this question... "Will anyone be able to access my information and data within the Keypass database, without knowing my password?"

And the answer to that will help you make a decision if Keepass is for you or not.

 

TruthSeeker--

I'm a little puzzled at your answer. The question you pose is precisely the question that I am seeking a comparative answer for as concerns the relative merits of KeePass as compared to Password Safe. Is KeePass as good as Password Safe in answering the question?

Thanks.

george75

 

To find your answer, you will need to do a thorough due-diligence, and personally test the encryption using both programs and then hire a company to try to break the password using multiple PC's. And then after a few million years, you will have some conclusions and data to determine which one is better.

And in the meantime, there doesn't exist a single human being on Earth who can tell you which one is "better" than the other. Because both will encrypt your information, making them both just as "good" as each other.

"Safe" is as safe as you make it... use a long strong password and it will protect your database for many millions of years.

 

Well..... put truthseeker down as another who has no understanding of encryption. The fact is, implementation of encryption is as important as anything.

Do I have the answer to your question, George? No, I don't. But truthseeker's bizarre response is so off the wall as to be rendered useless. Why not ask that same question about Password Safe, TS? Or, ask it about Acme's Donald Duck Password Keeper? (don't Google it - there's no such thing).

I'm not helping much with your question, George - but I admit it. It's a pretty wide-open question that would require some research. But at least I'm being honest.

If I asked Truthseeker if the Chicago Chop House Steak House had good steaks - he would, I guess, ask me if I can see my steaks from the Chop House being any good. That should help me decide if I would like Chicago Chop House steaks.

George, I will say this: Keepass and Password Safe both have good reputations. Roboform is another that is an excellent program.

But to suggest that there's not a single human being who can differentiate between good and poor implementation of encryption is ridiculous.

 

And what are your qualifications in encryption algorithms?

And your post was useless, all it did was attack my reply, which was my honest comment, and then you offered no real answers to George. So the only objective of your post was to attack me, and that is not something you should do, because this is a democratic forum where I am allowed to give my free opinion.

And if you think my comment is not good, then that's your opinion based on your personal perspective. However, someone else may see the validity in my comment, so you should not generalize and claim it's useless.

 

One would have to study the differences between password safe and keepass. But it might just depend on how you computer is setup, I prefer Keepass it seems to work better with Opera Browser. But Password Safe might work too...just not as well, so it just might boil down to how well password safe or Keepass work for you.

 

You are absolutely tight. You did. And, I did too.

 

Let me guess: you have a masters degree in philosophy of logic, right?

No, I don´t think so...


@george75: Both are well regarded so quite honest it doesn´t matter which one you choose in the end. I´ve used Password Gorilla for a long time and recently switched to KeePass (AES with password + key file).

/C.

 

Are you claiming you speak for every human on Earth, and claim to know their personal opinons?

Your comments are childish and proves a limited focus, displaying a low awareness, by generalizing to know every humans own personal conclusions and opinion.

I may make my comment to 1000 people. 40% may agree with me. The other 40% may disagree, and the remaining 20% may not care either way. So you cannot claim that 100% of all humans on Earth would not see any validity in my comments.

Now go back to the your room and behave

 

There's very little independent information available about the overall security of either KeePass or Password Safe. Both are generally assumed to be secure, but if that's not good enough for you (and it wasn't for me) then I suggest you store either your KeePass database or your Password Safe database inside a TrueCrypt volume. I have done this with KeePass and it works perfectly well.

 

I have to adjust the figures: 2% gets puzzled by the comments in your posts and the other 98% just regard you as...different?

Regarding your simple-minded comments in your posts? Yes, absolutely...


@dantz: I´m doubtful about the additional value of encrypting the already encrypted database file, but if it gives the user the peace of mind so why not.
Maybe Justin could enlighten us about this issue if he drops by.

/C.

 

I find that interesting that you have convinced yourself that you have the power to be able to know what ever human on Earth believes and how they all interpret something. Simply amazing lol

It shows that your confidence in your own beliefs is standing on shaky ground. Because people who are confident in their own beliefs do not need to seek the confirmation from everyone else before they can feel comfortable.

 

Well, guys---

I've been responsible for a couple of threads that have provoked rather deep technical discussion. This is the first time I've provoked a food fight.

Let me pose my question more analytically.

1. From the point of view of cryptography, are both KeePass and Password Safe using the same standards of cryptological algorithms? I pose this question because on the one hand Password Safe uses only TwoFish--as might be expected since it's associated with one of the inventors of TwoFish--whereas KeePass gives you a choice of AES 256 (I think) and TwoFish. However, the terminology used in the KeePass documentation is a little different from that in the documentation for TrueCrypt and I need to confirm whether KeePass is using lesser standards or whether it's just terminological. For example KeePass says it's using SHA 2 for the hash algorithm whereas TC says it's using SHA512 (your choice from three). I have no doubt that if you set KeePass to use TwoFish, you're getting the same TwoFish that Password Safe is using.

2. From the point of view of implementation of the cryptological algorithms (thanks Justin Troutman!), how do the two stack up? Here someone who's an expert in cryptography who can read code would have to look at both programs. From what I've seen in the thread so far, if there is such a person he hasn't published any remarks that anyone is aware of.

Thanks to all.

George75

 

How do you set up Keepass to work with Opera?

 

By using Keepass' auto type functions.

 

Or you can copy(right click) the password or the user name to the clipbord and right click on the space on the web page and choose paste.

 

FWIW, I've been using PasswordSafe for four years without incident. I realize this is anecdotal, but as has been said, secure your mastersafe password and you should be fine. One thing both good and bad: if you forget or loose your master password - you're completely hosed. Not even the PasswordSafe folks at Sourceforge.net can crack it for you.

I can't speak to what it would take to hack PasswordSafe, but its functionality is absolutely fantastic.

Take care.

 

I've used both in the past now use Keepass because its Windows mobile version is more functional than password Safe's which was not being maintained. The desktop clients were much of a muchness IMO but like most I have no hard data on whether one is technically safer than the other.

Morpheus