Free Password Manager KeePass - a feature rich, free, very secure, and easy-to-useInside This ArticleIntroduce Free Password Manager - KeePass
KeePass is a free, open-source, light-weight and easy-to-use password manager
for Windows 9x/ME/NT/2000/XP.
KeePass is a free/open-source password manager or safe which helps you to manage
your passwords in a secure way. You can put all your passwords in one database,
which is locked with one master key or a key-disk. So you only have to remember
one single master password or insert the key-disk to unlock the whole database.
The program stores your passwords in a highly encrypted database. The databases
are encrypted using the best and most secure encryption algorithms currently
known (AES and Twofish). This database consists of only one file, so it can be
easily transferred from one computer to another.
Security Feature Highlights
- Highly encrypted databases by using AES and Twofish secure encryption
algorithms. All databases are encrypted. KeePass always encrypts the whole
database, i.e. not only your passwords. Your usernames, notes, even the
entry times and UUIDs, etc. are encrypted, too.
- Support of master passwords and key-disks.
- Runs on all Windows operating systems and .Net doesn't need to be
- Export password list to TXT, HTML, XML or CSV files.
- Import from CSV, CodeWallet(Pro) TXT and Password Safe v2 TXT files.
- Easy database transfer from one computer to another.
- Support of password groups.
- URL, Notes, Expiry time fields and entry attachment support.
- Auto-type, global auto-type hot key combination and drag-n-drop support.
- Intuitive and secure Windows clipboard handling: Using the context menu of
the password list to quickly copy password or username to the Windows
- Searching and sorting the password database.
- Multi-language support.
- Strong random password generator by using random user input.
- Low memory requirement.
- Plugin architecture: Other people can write plugins for KeePass, extending
its functionality. You can download the latest KeePass plugins (and their
source code) from: http://keepass.sourceforge.net/plugins.php
KeePass free and you have full access to its source code! It has been
developed using Microsoft Visual C++ with MFC classes. No .NET framework is
required, nor any other special DLLs. It should run on all Windows operating
Get KeePass in your language
- Database encryption.
The databases are encrypted using one of the following two block ciphers:
These algorithms are well-known, well-analyzed and generally considered to
be secure by the cryptographic community.
- Protection against dictionary and guessing attacks.
KeePass offers some protection against guessing and dictionary attacks. This
is only needed when using master passwords, key-disks don't need this, they
are more secure anyway.
- In-memory passwords protection.
While KeePass is running, your passwords are encrypted using a 'session key'
(randomly generated at startup). This means, that even if you would dump the
whole KeePass process memory to disk, you couldn't find the passwords (at
least not in plain text).
KeePass securely erases all security-critical memory when it's not needed
any more, i.e. it overwrites those memory areas with random data before
zeroing and releasing it (this applies to all security-critical memory, not
only the passwords field).
This feature is very effective. When testing against Actual Spy (a
comprehensive spy software), Actual Spy's Clipboard activity couldn't
capture the password copied from KeePass. To enable in-memory passwords
protection in KeePass, click menu item Tools => Options, and then click
the Memory tab. See screenshot below. You can download Actual Spy trial
version here and test
it out by yourself.
- Random number generation.
We need to generate several 'random' bytes (for the IV, the master key salt,
etc.). For this, several pseudo-random sources are used: current tick count,
performance counter, system date/time, mouse cursor position, memory status
(free virtual memory, etc.), active window, clipboard owner, various process
and thread IDs, various window focus handles (active window, desktop, ...),
window message stack, process heap status, process startup information and
several system information structures.
This pseudo-random data is collected in a random pool. To generate 16 random
bytes, the pool is hashed (SHA-256) with a counter to form the final 16
random bytes. The counter is increased after 16 generated bytes, this way we
can produce as many secure random bytes as we need.
- Locking the workspace.
Locking the workspace just closes the database completely, but remembers the
last view settings (i.e. which group and entry you selected, list position,
etc.). This provides maximum security (unlocking the workspace is as hard as
opening the database the normal way) and prevents data-loss (what if your
computer crashes while the workspace is locked?).
Each time you start KeePass, the program will perform a quick self-test to
see whether the block ciphers and the hash are compiled correctly and pass
their test-vectors. If one of the algorithms doesn't pass its test-vector,
KeePass will show you a security exception message box at startup.
KeePass can be translated into other languages very easily (over 20 languages
are available already). The program has a strong random password generator (you
can define the possible output characters).
Inside This Article
Other Recent Articles from the Safe Computing category: