Movatterモバイル変換

[0]ホーム
URL:

Jump to content
WikipediaThe Free Encyclopedia
Search

KeePass

From Wikipedia, the free encyclopedia
Computer password management utility
Not to be confused withKeePassXC.
KeePass
KeePass 2.x Main Window
DeveloperDominik Reichl
Initial releaseNovember 16, 2003; 22 years ago (2003-11-16)
Stable release
2.x2.60[1][2] / 2 November 2025; 3 months ago (2 November 2025)
1.x1.43[3][4] / 1 March 2025; 11 months ago (1 March 2025)
Written inC# (2.x version),
C++ (1.x version)
Operating systemWindows,Linux,MacOS,BSD
Platform.NET Framework,Mono
Available inEnglish
TypePassword manager
LicenseGPL-2.0-or-later
Websitekeepass.infoEdit this at Wikidata
RepositorySourceforge

KeePass Password Safe is afree and open-sourcepassword manager primarily forWindows. It officially supportsmacOS andLinuxoperating systems through the use ofMono.[5] Additionally, there are several unofficialports forWindows Phone,Android,iOS, andBlackBerry devices, which normally work with the same copied or shared (remote) passworddatabase.[6][7][8][9][10] KeePass stores usernames, passwords, and other fields, including free-form notes and file attachments, in an encryptedfile. This file can be protected by any combination of amaster password, a key file, and the current Windows account details. By default, the KeePass database is stored on a localfile system (as opposed tocloud storage).[11]

KeePass comes in two different variants: KeePass 1.x and KeePass 2.x. Although the 1.x variant is the former variant it is supported indefinitely: Dominik Reichl: "2.x isn't the successor of 1.x, and 1.x isn't dead".[12] KeePass 2.x has a different software basis inC# instead of the formerC++. Mainlycommunication features are extended in KeePass 2.x: authentication with theWindowsuser account,remote and shared database editing as well as many plugins allowing communication and authentication with differentweb browsers,databases and more.[13][14]

KeePass 1.x and 2.x support a number ofplugins, although 2.x allows more plugins.[14] It has apassword generator and synchronization function, supportstwo-factor authentication, and has aSecure Desktop mode. It can use a two-channel auto-type obfuscation feature to offer additional protection againstkeyloggers.[15] KeePass can import from over 30 other most commonly used password managers.[15]

A 2017Consumer Reports article described KeePass as one of the four most widely used password managers (alongside1Password,Dashlane andLastPass), being "popular among tech enthusiasts" and offering the same level of security as non-free competitors.[16]

A 2019 Independent Security Evaluators study described KeePass as well as other widely used password managers as being unable to controlWindows 10's tendency to leave passwords in cleartext in RAM after they are displayed using Windows controlled GUI.[17] In addition, several GitHub projects (KeeFarce, KeeThief, Lazanga) specifically attack a running KeePass to steal all data when the host is compromised. KeePass cannot prevent password theft and, as Dominik Reichl, the administrator of KeePass, states, "neither KeePass nor any other password manager can magically run securely in a spyware-infected, insecure environment."[18]

Overview

[edit]

Import and export

[edit]

The password list is saved by default as a.kdbx file, but it can be exported to.txt,HTML,XML andCSV.[19] The XML output can be used in other applications and re-imported into KeePass using a plugin. The CSV output is compatible with many other password safes like the commercial closed-source Password Keeper and the closed-source Password Agent. Also, the CSVs can be imported by spreadsheet applications like Microsoft Excel orOpenOffice/LibreOffice Calc.

File format support can be expanded through the use of KeePass plugins.[20]

Multi-user support

[edit]

KeePass supports simultaneous access and simultaneous changes to a shared password file by multiple computers (often by using a shared network drive), however there is no provisioning of access per-group or per-entry.[21] As of May 2014, there are no plugins available to add provisioned multi-user support, but there exists aproprietary password server (now titled Keepass Hub, formerly known asPleasant Password Server) that is compatible with the KeePass client and includes provisioning.[22]

Auto-type and drag and drop

[edit]
An example of KeePass's auto-type function, which is triggered by a global hotkey

KeePass can minimize itself and type the information of the currently selected entry into dialogs, webforms, etc. KeePass has a global auto-type hot key. When KeePass is running in the background (with an unlocked database) and user presses down the hotkey, it looks up the selected (or correct) entry and enters every login and/or password characters sequence.[23] All fields, such as title, username, password, URL, and notes, can bedrag and dropped into other windows.[citation needed]

Windowsclipboard handling allows double-clicking on any field of the password list to copy its value to the Windows clipboard.

KeePass may be configured to randomize characters' input sequence to make it harder tolog keystrokes. The features is called Two-Channel Auto-Type Obfuscation (TCATO).[24]

Clipboard reset

[edit]

KeePass automatically clears the clipboard some time after the user has copied one of their passwords into it. KeePass features protection against clipboard monitors (other applications will not get notifications that the clipboard content has been changed).[citation needed]

KeePass at one time had a paste-once functionality, where after a single paste operation, the clipboard would be cleared automatically, but this was removed in version 2.x due to incompatibility and insufficient effectiveness.[25]

Browser support

[edit]

The auto-type functionality works with all windows, and consequently with all browsers. The KeeForm extension fills in user details into website form fields automatically. It is available forMozilla Firefox, Google Chrome, and Microsoft Edge. Internet Explorer also has a browser integrationtoolbar available.[26]

Built-in password generator

[edit]
User Interface of the password generator

KeePass features a built-inpassword generator that generates random passwords. Random seeding can be done through user input (mouse movement and random keyboard input).[23]

Plugins

[edit]

KeePass has a plugin architecture. There are various plugins available from the KeePass website (such as import/export from/to various other formats, database backup, integration, automation, etc.). Note that plugins may compromise the security of KeePass, because they are written by independent authors and have full access to the KeePass database.[14]

Wrapper

[edit]

KeePass has an opensource wrapper, QuicKeepass, that allows the use of KeePass more efficiently on Linux.[27]

Cryptography

[edit]

Runtime security

[edit]
"Add Entry" dialog in KeePass

According to the utility's author, KeePass was one of the first password management utilities to use security-enhanced password edit controls, in this case one called CSecureEditEx.[28] The author makes several claims regarding the security of the control and its resistance to password revealing utilities; however, the author does not cite or make any references to any third-party testing of the control to corroborate the claims of its security.[29]

Passwords are protected in memory while KeePass is running. On Windows Vista and later versions, passwords are encrypted in process memory using WindowsData Protection API, which allows storing the key for memory protection in a secure, non-swappable memory area. On previous Windows systems, KeePass falls back to using theARC4 cipher with a temporary, random session key.[30]

Offline security

[edit]
Create master key

Access to the database is restricted by a master password or a key file. Both methods may be combined to create a "composite master key". If both methods are used, then both must be present to access the password database. KeePass version 2.x introduces a third option—dependency upon the current Windows user.[31]KeePass encrypts the database with theAES,Twofish orChaCha20 symmetric cipher, where the first two are used in CBC/PKCS7 mode. AES is the default option in both KeePass editions, Twofish is available in KeePass 1.x, ChaCha20 is available only in KeePass 2.35 and higher.[32] However, a separate plugin provides Twofish as an encryption algorithm in KeePass 2.x. In KeePass 1.x (KDB database format), the integrity of the data is checked using a SHA-256 hash of the plaintext, whereas in KeePass 2.x (KDBX database format), theauthenticity of the data is ensured using a HMAC-SHA-256 hash of the ciphertext (Encrypt-then-MAC construction).[33]

Notable KeePass derivatives

[edit]
  • KeePassX, a multi-platform open source KeePass clone for Linux and macOS, built using theQt libraries.[34] As of December 2021, KeePassX is no longer actively maintained.[35]
  • KeePassXC (KeePass Cross-Platform Community Edition) is a fork of KeePassX written inC++.[36]
  • KeeWeb, a cross-platformJavaScript web application using the KeePass database format, desktop version built withElectron.

Reception

[edit]

In 2006[37] and 2016[38],Der Standard highlighted KeePass to its readers as an effective tool for managing and organizing passwords.

See also

[edit]

References

[edit]
  1. ^"KeePass 2.60 released". 2 November 2025.
  2. ^"KeePass 2.60 released". 2 November 2025.
  3. ^"KeePass 1.43 released". 1 March 2025.
  4. ^"KeePass 1.43 released". 1 March 2025.
  5. ^"Setup".KeePass.Archived from the original on 2023-12-09.
  6. ^"Download".KeePass.Archived from the original on 2021-07-22. Retrieved2015-12-24.
  7. ^"7Pass".Archived from the original on 2020-05-05. Retrieved2015-12-24 – via Word press.
  8. ^"KeePassDroid".Google Play Store. Brian Pellin.Archived from the original on 2 July 2014. Retrieved24 March 2024.
  9. ^"BlackBerry World – KeePass for BlackBerry".Appworld. Blackberry. Archived fromthe original on 2013-06-22. Retrieved2014-03-26.
  10. ^"iOS application".iTunes. Apple. Archived fromthe original on October 10, 2011.
  11. ^Zukerman, Erez."Tools for the Paranoid: 5 Free Security Tools to Protect Your Data".PC World. Retrieved2013-07-14.
  12. ^Reichl, Dominik,"Development Status FAQ",KeePass,archived from the original on 2023-02-28, retrieved2023-02-28.
  13. ^Reichl, Dominik,"Edition Comparison",KeePass,archived from the original on 2023-02-28, retrieved2023-02-28.
  14. ^abcReichl, Dominik."Plugins".Keepass.Archived from the original on 2021-02-06. Retrieved2021-10-04.
  15. ^abRubenking, Neil."KeePass Review & Ratings".PC Magazine. Retrieved2014-06-11.
  16. ^Chaikivsky, Andrew (2017-02-17)."Everything You Need to Know About Password Managers".Consumer Reports.Archived from the original on 2017-02-08. Retrieved2018-06-23.
  17. ^Bednarek, Adrian."Password Managers: Under the Hood of Secrets Management".Security evaluators. Retrieved2019-03-24.
  18. ^Reichl, Dominik."Security Issues".KeePass.Archived from the original on 2019-09-03. Retrieved2019-03-24.
  19. ^Reichl, Dominik (2019)."Features".KeePass. Retrieved2019-12-31.
  20. ^"2.x Plugins".KeePass. Retrieved2019-01-26.
  21. ^Reichl, Dominik."KeePass Help Center".Archived from the original on 2012-12-28. Retrieved2012-12-28.
  22. ^"Keepass Hub". Retrieved2024-10-15.
  23. ^abMarkton, Ben."KeePass Password Safe Professional".CNET.Archived from the original on 2014-07-14. Retrieved2014-06-11.
  24. ^Reichl, Dominik."Two-Channel Auto-Type Obfuscation".Keepass. Retrieved2021-09-15.
  25. ^Reichl, Dominik."What happened to the paste-once functionality in 2.x?".KeePass Forums. Retrieved2012-10-14 – via Source forge.
  26. ^KeeForm,archived from the original on 2014-07-12, retrieved2014-06-24.
  27. ^"QuicKeepass". September 28, 2021 – via GitHub.
  28. ^Reichl, Dominik."Secure Edit Controls".KeePass.Archived from the original on 2010-01-26. Retrieved2009-11-14.
  29. ^Reichl, Dominik (2005-04-17)."CSecureEditEx – A More Secure Edit Control".The Code Project. Archived fromthe original on 2006-02-17.
  30. ^Reichl, Dominik."Security".KeePass. Retrieved2007-12-13.
  31. ^Reichl, Dominik."Composite Master Key".KeePass. Retrieved2009-11-14.
  32. ^Reichl, Dominik."News: KeePass 2.35 available!".Keepass.Archived from the original on 2024-03-14. Retrieved2020-10-11.
  33. ^Reichl, Dominik."Security".KeePass.Archived from the original on 2020-10-17. Retrieved2020-10-11.
  34. ^Geyer, Felix."KeePassX 2.0 has arrived". Kee pass X. Archived fromthe original on 2015-12-22. Retrieved2015-12-07.
  35. ^"Development stopped". 9 December 2021.Archived from the original on 2021-12-12. Retrieved2021-12-09.
  36. ^"KeePassXC Password Manager".KeepassXC.Archived from the original on 2024-03-21. Retrieved26 January 2017.
  37. ^"Sichere Passwörter - statt Da Vinci Code".DER STANDARD (in Austrian German). Retrieved2025-11-22.
  38. ^"Schluss mit "123456": 1. Februar ist "Change your password"-Tag".DER STANDARD (in Austrian German). Retrieved2025-11-22.

External links

[edit]
Wikimedia Commons has media related toKeePass Screenshots.
Proprietary
Open source
Discontinued
Retrieved from "https://en.wikipedia.org/w/index.php?title=KeePass&oldid=1338176136"
Categories:
Hidden categories:
[8]ページ先頭
©2009-2026 Movatter.jp