Then you can use fzf to select the appropriate key (and see a preview to the side). (Or if you want to be insecure, you can also set them as environment variables: export KPPW="Your KeepassxC password" It will help you choose the database file (using fd – fdfind on Debian) presuming it’s got a kbdx extension) and enter the password for the file. While there are some helper scripts out there, they’re in python or other languages, sometimes unmaintained, and hugely complicated for my use case. While there is a command-line interface for KeepassXC, with all the features, it is a bit cumbersome for “show me the password for this entry”. īut I’ve been living in the terminal more, and so I wanted something that I could quickly pull up in a tmux window or somesuch. KeePassXC uses the KeePass 2.x password database format as the native format. It is built using Qt5 libraries, making it a multi-platform application which can be run on Linux, Windows, and macOS. It started as a community fork of KeePassX. KeePassXC is a free and open-source password manager. These programs have always been a good way to have a free – or very low cost – synchronized cross-platform password manager that’s entirely in your control.Įach version has its pluses and minuses, though I’ve settled with KeepassXC. I have long been a fan of Keepass, KeepassX, and KeepassXC – all part of the informal “Keepass Family”. See the animated GIF below if you’re not sure how this would be useful. TL DR: Using fzf, you can get your passwords out of your Keepass database from the commandline easily with this script. KeePassXC offers Argon2 which slows down brute force attacks by magnitudes.Man, talk about post titles that either pique interest or turn people off VERY quickly, lol. In times of easy access to massive GPU compute, I would not trust my password store to such a weak KDF. The old KDBX format uses a custom AES-KDF, which is not memory-hard and therefore easy to brute force. So even with more features, the KeePassXC source code is a lot cleaner and easier to test.Īs for the security of AES, it's true that nobody has broken it yet (quantum computers will change that, 128bit block size is not that much after all), but the encryption is only as strong as its weakest link and most of the time that is the secret key. Felix did a great job back in the day when he maintained KeePassX, but apparently he lost time or interest in the project and we have improved a lot of the code base since the fork. Also, should there ever be a vulnerability, it is questionable how fast it will be patched in KeePassX given the lack of an active team of developers. KeePassX does not have (and for the most part never really had) this kind of double check, since it has/had mainly one developer. Every patch that is merged into the main tree is reviewed by at least one other core developer. There are a lot more eyes looking at the KeePassXC source code. KeePassX has no known security vulnerabilities, but that doesn't mean it's automatically the safest option (neither does KeePassXC BTW). I know this thread is a month old, but let me answer some of your concerns.
0 Comments
Leave a Reply. |