KeePass vs. Password Safe -- Secure?

Discussion in 'privacy technology' started by george75, Oct 17, 2008.

Thread Status:
Not open for further replies.
  1. george75

    george75 Registered Member

    Joined:
    Aug 11, 2005
    Posts:
    65
    Hi Guys!

    From the point of view of security, is KeePass just as secure as the Password Safe associated with Bruce Schneier? I find KeePass easier to use.

    Thanks.

    george75
     
  2. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    Safe as can be. Ask yourself this question... "Will anyone be able to access my information and data within the Keypass database, without knowing my password?"

    And the answer to that will help you make a decision if Keepass is for you or not.
     
  3. george75

    george75 Registered Member

    Joined:
    Aug 11, 2005
    Posts:
    65
    TruthSeeker--

    I'm a little puzzled at your answer. The question you pose is precisely the question that I am seeking a comparative answer for as concerns the relative merits of KeePass as compared to Password Safe. Is KeePass as good as Password Safe in answering the question?

    Thanks.

    george75
     
  4. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    To find your answer, you will need to do a thorough due-diligence, and personally test the encryption using both programs and then hire a company to try to break the password using multiple PC's. And then after a few million years, you will have some conclusions and data to determine which one is better.

    And in the meantime, there doesn't exist a single human being on Earth who can tell you which one is "better" than the other. Because both will encrypt your information, making them both just as "good" as each other.

    "Safe" is as safe as you make it... use a long strong password and it will protect your database for many millions of years.
     
  5. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    Well..... put truthseeker down as another who has no understanding of encryption. The fact is, implementation of encryption is as important as anything.

    Do I have the answer to your question, George? No, I don't. But truthseeker's bizarre response is so off the wall as to be rendered useless. Why not ask that same question about Password Safe, TS? Or, ask it about Acme's Donald Duck Password Keeper? (don't Google it - there's no such thing).

    I'm not helping much with your question, George - but I admit it. It's a pretty wide-open question that would require some research. But at least I'm being honest.

    If I asked Truthseeker if the Chicago Chop House Steak House had good steaks - he would, I guess, ask me if I can see my steaks from the Chop House being any good. That should help me decide if I would like Chicago Chop House steaks.

    George, I will say this: Keepass and Password Safe both have good reputations. Roboform is another that is an excellent program.

    But to suggest that there's not a single human being who can differentiate between good and poor implementation of encryption is ridiculous.
     
  6. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    And what are your qualifications in encryption algorithms?

    And your post was useless, all it did was attack my reply, which was my honest comment, and then you offered no real answers to George. So the only objective of your post was to attack me, and that is not something you should do, because this is a democratic forum where I am allowed to give my free opinion.

    And if you think my comment is not good, then that's your opinion based on your personal perspective. However, someone else may see the validity in my comment, so you should not generalize and claim it's useless.
     
  7. Carver

    Carver Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    1,827
    Location:
    USA
    One would have to study the differences between password safe and keepass. But it might just depend on how you computer is setup, I prefer Keepass it seems to work better with Opera Browser. But Password Safe might work too...just not as well, so it just might boil down to how well password safe or Keepass work for you.
     
  8. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    You are absolutely tight. You did. And, I did too.
     
  9. Cerxes

    Cerxes Registered Member

    Joined:
    Sep 6, 2005
    Posts:
    581
    Location:
    Northern Europe
    Let me guess: you have a masters degree in philosophy of logic, right?


    No, I don´t think so...


    @george75: Both are well regarded so quite honest it doesn´t matter which one you choose in the end. I´ve used Password Gorilla for a long time and recently switched to KeePass (AES with password + key file).

    /C.
     
  10. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    Are you claiming you speak for every human on Earth, and claim to know their personal opinons?

    Your comments are childish and proves a limited focus, displaying a low awareness, by generalizing to know every humans own personal conclusions and opinion.

    I may make my comment to 1000 people. 40% may agree with me. The other 40% may disagree, and the remaining 20% may not care either way. So you cannot claim that 100% of all humans on Earth would not see any validity in my comments.

    Now go back to the your room and behave :)
     
  11. dantz

    dantz Registered Member

    Joined:
    Jan 19, 2007
    Posts:
    991
    Location:
    Hawaii
    There's very little independent information available about the overall security of either KeePass or Password Safe. Both are generally assumed to be secure, but if that's not good enough for you (and it wasn't for me) then I suggest you store either your KeePass database or your Password Safe database inside a TrueCrypt volume. I have done this with KeePass and it works perfectly well.
     
  12. Cerxes

    Cerxes Registered Member

    Joined:
    Sep 6, 2005
    Posts:
    581
    Location:
    Northern Europe
    I have to adjust the figures: 2% gets puzzled by the comments in your posts and the other 98% just regard you as...different?

    Regarding your simple-minded comments in your posts? Yes, absolutely...


    @dantz: I´m doubtful about the additional value of encrypting the already encrypted database file, but if it gives the user the peace of mind so why not.
    Maybe Justin could enlighten us about this issue if he drops by.

    /C.
     
  13. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    I find that interesting that you have convinced yourself that you have the power to be able to know what ever human on Earth believes and how they all interpret something. Simply amazing lol o_O

    It shows that your confidence in your own beliefs is standing on shaky ground. Because people who are confident in their own beliefs do not need to seek the confirmation from everyone else before they can feel comfortable.
     
  14. george75

    george75 Registered Member

    Joined:
    Aug 11, 2005
    Posts:
    65
    Well, guys---

    I've been responsible for a couple of threads that have provoked rather deep technical discussion. This is the first time I've provoked a food fight.

    Let me pose my question more analytically.

    1. From the point of view of cryptography, are both KeePass and Password Safe using the same standards of cryptological algorithms? I pose this question because on the one hand Password Safe uses only TwoFish--as might be expected since it's associated with one of the inventors of TwoFish--whereas KeePass gives you a choice of AES 256 (I think) and TwoFish. However, the terminology used in the KeePass documentation is a little different from that in the documentation for TrueCrypt and I need to confirm whether KeePass is using lesser standards or whether it's just terminological. For example KeePass says it's using SHA 2 for the hash algorithm whereas TC says it's using SHA512 (your choice from three). I have no doubt that if you set KeePass to use TwoFish, you're getting the same TwoFish that Password Safe is using.

    2. From the point of view of implementation of the cryptological algorithms (thanks Justin Troutman!), how do the two stack up? Here someone who's an expert in cryptography who can read code would have to look at both programs. From what I've seen in the thread so far, if there is such a person he hasn't published any remarks that anyone is aware of.

    Thanks to all.

    George75
     
  15. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    2,302
    Location:
    Location Unknown
    How do you set up Keepass to work with Opera?
     
  16. Squeller

    Squeller Registered Member

    Joined:
    Sep 13, 2008
    Posts:
    20
    By using Keepass' auto type functions.
     
  17. Carver

    Carver Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    1,827
    Location:
    USA
    Or you can copy(right click) the password or the user name to the clipbord and right click on the space on the web page and choose paste.
     
  18. MarkW

    MarkW Registered Member

    Joined:
    Dec 24, 2006
    Posts:
    48
    FWIW, I've been using PasswordSafe for four years without incident. I realize this is anecdotal, but as has been said, secure your mastersafe password and you should be fine. One thing both good and bad: if you forget or loose your master password - you're completely hosed. Not even the PasswordSafe folks at Sourceforge.net can crack it for you.

    I can't speak to what it would take to hack PasswordSafe, but its functionality is absolutely fantastic.

    Take care.
     
  19. Morpheus

    Morpheus Registered Member

    Joined:
    Aug 13, 2003
    Posts:
    45
    I've used both in the past now use Keepass because its Windows mobile version is more functional than password Safe's which was not being maintained. The desktop clients were much of a muchness IMO but like most I have no hard data on whether one is technically safer than the other.

    Morpheus
     
Loading...
Thread Status:
Not open for further replies.