Talk:KeePass

Copyright
Is this a copyvio from here? There are many exactly duplicated sentences in each, and a copyright is claimed on the linked page.--Hansnesse 19:03, 21 January 2006 (UTC)

NPOV
The entire article reads like an argument for using KeePass. I added the {advertisement} tag for cleanup. Paul6743 04:10, 21 October 2006 (UTC)

.NET
Note that KeePass version 2 (currently in alpha) is written entirely in .NET, unlike the current 1.x who doesn't need it. grawity 18:51, 31 March 2007 (UTC)

Not an Advertisement
I know nothing about this software, and the article does read like advocacy. However, most if not all of the statements that it makes are empirically verifiable or falsifiable claims. Unless there's clear evidence that some of the material is untrue, it merits rewriting more than deletion. kraemer 05:16, 10 July 2007 (UTC)

Cryptanalysis?
Has anyone done an attack or a produce cryptanalysis report to prove its credibility.

Shin-chan01 (talk) 21:55, 17 November 2007 (UTC)

Flaws, Drawbacks, Shortcomings or Criticism?
This may be a well-written program or not, but I have no personal knowledge either way. However, in order to have/maintain NPOV and following on the comment in "Cryptanalysis?" above, I think there should be a section included about known or potential issues with this software. Two items come to mind: (1) someone only needs to crack a single password to have access to 50 or so others, and; (2) if the password file has a fixed (or even default) filename, it would be a logical target for code crackers. It seems like the latter is indirectly addressed in the current version of the article, but it could be clearer IMHO.
 * Even if you have the actual file sent to you for cracking, if it is secured by a reasonably long master password (like 12 random characters) it will do you no good. A firsthand report of such a failed attempt can be found at http://www.excivity.com/ComputeCycle/cracking-keepass-passwords/ - the reason why this is so is explained in the KeePass documentation - the file is encrypted many times over so that it actually takes a real amount of time for each try. Cynebeald (talk) 16:26, 26 September 2012 (UTC)

I found out about this program at about the same time from our (large, trustworthy) corporate IT department and from a monthly newsletter from HP. I was concerned when I looked it up and didn't find a discussion of the potential problems I mentioned above. If KeePass has already addressed these issues, it should be mentioned.--CheMechanical (talk) 17:12, 27 January 2008 (UTC)

Comparison with built-in OS solutions?
I would be interested on how this compares to e.g. Apple Keychain in terms of encryption / hackability. The same holds for any Windows-own password storage if there is any. Perhaps this information should also onto the appropriate pages for OS-included password databases. —Preceding unsigned comment added by 85.176.183.231 (talk) 05:48, 10 July 2008 (UTC)

As per my comments below on OpenSource - Both KeyChain and KeyPass are safe. Given what these programmes do that is paramount - above even the user interface and functionality. — Preceding unsigned comment added by 84.92.230.173 (talk) 12:29, 7 November 2015 (UTC)

Data Fields
In my current task of evaluating different Password keeper/manager programs for both Mac and Windows, I would like to add a section which lists the data items that KeePass (and KeePassX) store. Any objections to my adding that as a new section? Beginnersview (talk) 10:00, 15 September 2008 (UTC)

KeePassX
The article KeePassX was merged into this one, and now redirects here, however, there is almost no mention of KeePassX; just one sentance that links to KeePassX, which redirects here. HuGo_87 (talk) 16:32, 18 April 2011 (UTC)


 * HuGo_87, Good point. I added an external link and the logo. Keith Cascio (talk) 02:56, 1 January 2012 (UTC)


 * KeePassX is not KeePass! It started as a KeePass clone, KeePass/L for Linux, but since long is a software on its own, also available for Windows. It shouldn't be merged with KeePass. You don't merge other password managers too... JaKi143 (talk) 14:52, 15 September 2013 (UTC)

I agree with this; KeePassX should have a separate page. AdmiredSneeze (talk) 14:29, 6 January 2016 (UTC)

Brief Security Audit Paper - 2014
This could be useful in assessing KeePass's security:

https://www.usenix.org/system/files/conference/usenixsecurity14/sec14-paper-silver.pdf

Exercisephys (talk) 23:41, 14 September 2014 (UTC)

KeeFox
The version is 1.4.6 - Released 2015 Jan 15 on Mozilla Addons Page 69.230.97.74 (talk) 05:43, 27 January 2015 (UTC)

Security issue?
https://news.ycombinator.com/item?id=9727297 — Preceding unsigned comment added by 109.106.59.240 (talk) 21:46, 16 June 2015 (UTC)
 * It is a forum post, not anywhere near WP:RS - Ahunt (talk) 19:18, 17 June 2015 (UTC)

Open Source
I feel one of the biggest threats in a password manager is simply that it has a back door. A password manager written by a small company or private individual could in theory become popular through a good interface design and other facilities - only to be "harvested" via internet of everyone's bank account details a few years further down the road. Consequently there are only two forms of password manager worthy of trust and they are 1) Those promoted by multinationals of some intrinsic standing (Microsoft, Apple, IBM, HP...) who would have so much to lose from such a product going rogue it can then be assumed trusted if it carries their name 2) Programs that are managed by an open source community where the code can be freely inspected - which does not undo the security as that still needs the password - it just makes plain there is nowhere for malicious code to hide.

Not only should this article make plain this is the case with KeyPass - all such articles about open source should mention it prominently.

I feel sorry about small independents making such software re my comment, but frankly they should not be coding and promoting such things.


 * By an IT professional and long term user of KeyPass, despite any shortcomings; entirely due to the above. ** — Preceding unsigned comment added by 84.92.230.173 (talk) 12:27, 7 November 2015 (UTC)
 * Lawl, better read Dual_EC_DRBG and Prism_slide_5.jpg. Multinationals will sell you for the highest bid. --分液漏斗 (talk) 18:26, 13 June 2016 (UTC)

Do you trust that there is no backdoor in Bit Locker simply because it is the product of a large corporation? I don't. Gentleman wiki (talk) 09:14, 11 March 2017 (UTC)

EU-FOSSA security software audit underway
Not sure if this is already worth including, but the EU-FOSSA project is currently auditing KeePass. Just as a note, maybe someone wants to work it in or keep track, and work in the results. https://joinup.ec.europa.eu/community/eu-fossa/home 149.172.134.6 (talk) 15:01, 27 August 2016 (UTC)

Cryptography
Without being too technical there should be a mention of the user configurable key derivation function. Notably Argon2 is now available which is indeed very interesting. Gentleman wiki (talk) 02:20, 8 March 2017 (UTC)
 * Do you have a ref that explains that? - Ahunt (talk) 02:27, 8 March 2017 (UTC)
 * There is no official user manual, all the information is on several web pages. Specifically for the KDF it is here. Gentleman wiki (talk) 18:56, 13 April 2017 (UTC)

External links modified
Hello fellow Wikipedians,

I have just modified one external link on KeePass. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:
 * Added archive https://web.archive.org/web/20060217114706/http://www.codeproject.com/editctrl/SecEditEx.asp to http://www.codeproject.com/editctrl/SecEditEx.asp

When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.

Cheers.— InternetArchiveBot  (Report bug) 16:46, 3 May 2017 (UTC)

"Keep ass" listed at Redirects for discussion
An editor has asked for a discussion to address the redirect Keep ass. Please participate in the redirect discussion if you wish to do so. Shhhnotsoloud (talk) 12:55, 1 April 2020 (UTC)

Yes, let's discuss this, quickly, until April 1st is over ;-) -- Evilninja (talk) 16:47, 1 April 2020 (UTC)

KeePassium and other list entry removals
I disagree that the following contribution was not notable and looks like Spam. We can always discuss here what‘s notable or not but I hate deletions that remind me on the behavior of the |Wikipedia Deletion Mafia on Wikipedia.de experienced years ago deleting contributions of other authors having a different perception or understanding of what‘s noteable.

KeePassium entry removed as not noteable

 * KeePassium is an iOS App variant working on Apple devices with Face ID or Touch ID and supporting synchronization with iCloud, Dropbox, OneDrive as well as other cloud storages. The commercial version includes premium features such as YubiKey support and is getting offered with a yearly or lifetime license.

I also hate Spam and have been an active contributor for a long time. What’s relevant for me and others might not be relevant for you, but can’t we accept others having a different opinion and discuss before delete? That‘s what these pages are existing for, or? WikipediaMaster

Arguments for removal

 * The article section is entitled "Notable KeePass derivatives". "Notable" means we have a Wikipedia article about it to link to, which in this case we don't. There are dozens of KeePass copycats and forks, most of which are just simple rebrandings. If it is notable then there will be an article about it, if it isn't notable then there won't. Using the website selling the software as a ref makes the addition look like WP:PROMOTION and WP:SPAM. If you think KeePassium meets WP:GNG then please feel free to start an article about it and then we can link it from here.
 * Furthermore this page says it is a fork of KeePassDroid, which is another non-notable fork of KeePass. It would be more appropriate to list it as a fork of KeePassDroid, if both had Wikipedia articles about them. As it stands it is a fork of a fork.
 * As far as accusing other editors who disagree with you of being "mafia" violates WP:CIVIL, WP:AGF and WP:NPA, so I suggest you reword your post above to remove that accusation . - Ahunt (talk) 19:53, 4 March 2023 (UTC)
 * KeePassB for Blackberry was a fork of KeePassDroid but the KeePassium page states at the end: "So I learned Swift and made KeePassium."
 * I am not convinced it is a fork as you describe it. Checking Github it shows it's 91% Swift code based and only the rest is C/C++ while for KeePass I find under General Information:
 * The source code package contains everything you need to compile KeePass. It includes the C#/C++ source code and header files, resource files, sources for building the installer, etc. Keepass Website WikipediaMaster (talk) 13:20, 5 March 2023 (UTC)

Excuse me
Sorry if you felt accused, that was not my intention, but there are so many things noteable not existing yet as article in Wikipedia and that's why the wiki system actually got designed in the way that noteable missing articles appear with red links so other users or authors can pick up on it.

Notability and perception
It's also noteable that notable isn't defined like you try to define it here on Wikipedia as you do so to be able to find a reason for the deletion of my contribution just as you don't agree it is noteable enough yet. I agree there are many forks but this is quite sure one of the most noteable once for iOS I have seen and used since MiniKeePass has been discontinued. I agree it looks a bit like promotion as I referenced it’s website (not as Spam but) as relevant information source due to the fact that I am not the only user (following AppStore ratings) seeing it as a remarkable high quality fork for iOS.

Following the idea of Wikipedia it’s important we continue promoting the creation of new articles using wiki syntax like I did instead of fighting for opinions that don‘t fit with your, my or a third parties idea about what’s relevant or not to be added to Wikipedia. It‘s fine we are both here because it‘s for the same purpose! Greetings from WikipediaMaster

The Problem …

 * The article history shows what the problem was before I cleaned it up in 2019: https://en.wikipedia.org/w/index.php?title=KeePass&oldid=933164978#Unofficial_KeePass_derivatives As you can see, just masses of non-notable KeePass forks and almost all WP:PRIMARY refs. - Ahunt (talk) 01:17, 5 March 2023 (UTC)

… Not a problem

 * I do not see a problem in that, because a big part of the list you deleted had references and the title was much more open minded then what you made out of it. You try to decide for others what‘s notable in Wikipedia but that‘s not my mindset and will never be when I come here because by that I would try to push my opinion into the mind of others which is far to close to censorship for me. Unfortunately nobody went in discussion with you when you started your „notable“ crusade in 2019. WikipediaMaster (talk) 11:03, 5 March 2023 (UTC)

Excerpt from Wikipedia Notability guidelines
Notability guidelines do not apply to content within articles or lists. (They apply e.g. to the CREATION of stand alone lists, not to the contents.)

The criteria applied to the creation or retention of an article are not the same as those applied to the content inside it. The notability guideline does not apply to the contents of articles. It also does not apply to the contents of stand-alone lists, unless editors agree to use notability as part of the list selection criteria. Content coverage within a given article or list (i.e. whether something is noteworthy enough to be mentioned within the article or list) is governed by the principle of due weight, balance, and other content policies. WikipediaMaster (talk) 12:13, 5 March 2023 (UTC)

Missing editor agreement on 2019 deletions
There is no clear editor agreement regarding the List of KeePass forks or derivates removed by user: Ahunt in 2019 as „not notable“. Fact is that the deletion got never discussed before, so the principle of due weight, balance, and other content policies being applied correctly can at least be questioned here. Find below the list entries that got removed in 2019. WikipediaMaster (talk) 12:13, 5 March 2023 (UTC)

Unofficial KeePass derivatives
WikipediaMaster (talk) 12:13, 5 March 2023 (UTC)
 * kpcli, a command line interface to KeePass database files, written in Perl and with a familiar Unix shell-style user interface.
 * KeePassC, a curses-based password manager compatible to KeePass v.1.x and KeePassX, written in Python 3.
 * 7Pass or WinPass for Windows Phones, a port of KeePass for Windows Phone devices.
 * KeePass for Blackberry, a Blackberry port of KeePass for RIM devices
 * KeePassMobile, KeePass port for mobile phones (Java ME)
 * KeePass for J2ME, a Java ME port of KeePass for mobile phones
 * iKeePass, a port of KeePass for iOS
 * MiniKeePass for iOS
 * MyKeePass for iPhone
 * KeePassDroid, a port of KeePass for Android
 * KeePassDX for Android
 * Keepass2Android, a port of KeePass 2.x for Android using Mono for Android
 * KeepShare, an enhanced, read-only KeePass client for Android
 * KeePass for SmartDevices, a port of KeePass for Windows Mobile and PocketPC devices
 * KyPass, a port of KeePass for iOS and Mac OS X.
 * KeePass for OS X, using Mono
 * PassDrop for iOS. Includes full read/write Dropbox support.
 * KeePassB – native BlackBerry 10 app with read/write support
 * KeePass for BlackBerry. Native port for BlackBerry 10 devices.
 * MacPass, a free and open source native client for macOS
 * ownKeepass for Sailfish OS
 * Kee (previously known as KeeFox) for Mozilla Firefox, Google Chrome
 * Kee Vault for Mozilla Firefox Google Chrome
 * CKP for Chrome OS and Google Chrome
 * Passafari, an extension for Safari
 * KeePassium for iOS – an open-source freemium app, with automatic sync and AutoFill support

Edit consensus and time

 * See WP:EDITCONSENSUS, this has stood for four years. Most of the refs for all these non-notable forks are WP:PRIMARY. If they were in any way notable then there would be third party refs such as tech media reviews. Just because "stuff exists" is no reason for it to be in a Wikipedia article. In fact we have a Wikipedia policy that prohibits this: WP:INDISCRIMINATE, that explicitly requires independent sources: To provide encyclopedic value, data should be put in context with explanations referenced to independent sources. You will note in the list you put in above that not a single entry there has a third party ref, all are primary refs, mostly the github page or website for the project, so none comply with the policy for inclusion in the article. - Ahunt (talk) 13:37, 5 March 2023 (UTC)


 * Time passed is not to be seen equal to edit censensus, it just means nobody cared about it before. Have you seen my feedback above on your Arguments for Removal? That is based on a small research on Primary sources (and most of the current references of the complete KeePass article are!) while your interpretation of Primary source appears very strange to me. GitHub, Sourceforge, Apple, Blackberry, etc. are not the primary source of the listed software and also not of the editor list entries you removed, they offer services for developers to host, version control and publish their work. I really start to question your understanding here. Tech media reviews are as much independent as the given sources, or do you really believe they don’t get payed for their reviews? Believe it or not, small software developers will not have the money to pay expensive tech reviews and no, I am not a software developer. Notable and not notable is too much black and white, I also got biased by too much involvement in Wikipedia in the past and I am happy I stepped away from that. WikipediaMaster (talk) 14:50, 5 March 2023 (UTC)


 * Just to correct a few misconceptions you have expressed here. First, software project pages on sources such as GitHub are established and written by the software developer, they are WP:PRIMARY sources, the same as any website created by the software developer. GitHub, et al are just web hosts. Listing in software stores are also written by the software developers and are primary sources. The role of the software store operator is usually limited to removing offensive content, such as malware after complaints. The use of those as references in no way complies with the Wikipedia policy WP:INDISCRIMINATE, which specifically requires lists of data to be sourced to independent third party sources.


 * Second, if you think software developers of any size pay for reviews in third party tech publications, then you are sorely mistaken. I actually work as a software reviewer for a magazine and I can assure that no one at the magazine gets any money from the products reviewed. Unless we do an interview for publication, we actually have no contact with the developers at all. The software is reviewed upon its own merits. Aside from the simple fact that this is just not the way the tech media works, you have to ask yourself why anyone would pay for reviews that are critical and/or negative? In general the tech media is indeed independent, because if it was just printing endless glowing press releases no one would trust it.


 * Third regarding your statement: Time passed is not to be seen equal to edit censensus, it just means nobody cared about it before. That is exactly what an editing consensus is, a lack of objections from other editors. Wikipedia consensus usually occurs implicitly. An edit has presumed consensus until it is disputed or reverted. Should another editor revise that edit then the new edit will have presumed consensus until it meets with disagreement. In this way, the encyclopedia gradually improves over time.


 * Where we are now on this issue is that we had a four year editing consensus to only include KeePass derivatives that have their own articles, which is admittedly more restrictive than the Wikipedia policy. Like any editing consensus this can be changed. I would suggest if you don't like that, that we simply go to directly complying with the Wikipedia policy and instead list only forks of KeePass that are supported by proper independent third party refs. It is worth noting that, as described on its own website, that KeePassium is not a fork of KeePass, but instead a fork of KeePassDroid, which is a fork of KeePass. - Ahunt (talk) 15:30, 5 March 2023 (UTC)
 * I know tech magazines in other tech areas that publish contents written by the producers of the products and I am sure the same happens in this tech area also.
 * You repeat the same unproven statement regarding KeePassium being a fork of KeePassDroid, the website only states KeePassB for Blackberry was a fork of KeePassDroid but also "So I learned Swift and made KeePassium." not stating anything about a fork being used as basis for KeePassium.
 * I can agree to stop the discussion here as 90%+ of KeePassium code are Swift and not KeePass code based, so we can agree it’s notable different from KeePass. WikipediaMaster (talk) 16:41, 5 March 2023 (UTC)


 * Regarding your claim You repeat the same unproven statement regarding KeePassium being a fork of KeePassDroid, the website only states KeePassB for Blackberry was a fork of KeePassDroid, my statement above was directly based on the KeePassium website I cited: Who makes KeePassium? Hi, my name is Andrei and I am making KeePassium. It all started in 2013 with BlackBerry PlayBook. It was a fine tablet, but it lacked apps. Conveniently, however, it could run Android apps and I knew how to make them. So I forked KeePassDroid and adapted its UI to look more native on the tablet. And people liked it! Seems pretty conclusive to me.
 * As you note though, we can probably just close this discussion. - Ahunt (talk) 17:16, 5 March 2023 (UTC)

Can anyone update the main page to version 2.56?
I can't figure out how to update it. Pineconefoxowlyipman (talk) 05:57, 27 March 2024 (UTC)