PasswordSafe vs. KeePass Password Safe
Last month, I recommended a free program on SourceForge called PasswordSafe for keeping track of all your various and sundry passwords. There are actually numerous projects on SourceForge for keeping track of passwords, and two of them have the words “password safe” in the name. The one I spoke of is simply called “Password Safe” (sometimes written with the space between words, and sometimes without). An equally worthy and more popular project is called “KeePass Password Safe” (which I will refer to simply as KeePass from now on, to avoid confusion). Indeed, KeePass is currently the sixth most popular project of all the projects on SourceForge.
PasswordSafe has evolved over several years, and is currently on version 3.07. It’s plain to see that PasswordSafe was the inspiration for KeePass. The current stable version of KeePass is 1.07. A quick survey reveals that it has all of the same usability features of PasswordSafe, many of which are implemented better or more thoroughly. It also appears to be just as secure, and it has better documentation. The one obvious difference between the two is that PasswordSafe provides different views for the database (hierarchical and flattened), whereas KeePass only offers the hierarchical view. The bottom line is they both do the same job, and do it well. If I was not already used to using PasswordSsafe, then I might be inclined to use KeePass instead.
My one concern with KeePass is that the new 2.0 version currently in alpha test requires .Net. The decision to go with .Net is being questioned by many of the users in the KeePass forum. These users are complaining that being tied to .Net limits the portability of KeePass. They keep the current version of the KeePass program, together with the database, on a USB drive that they carry around. If they were to upgrade to 2.0, that would mean that any machine they want to run it on would not only have to have .Net, but it would have to have the correct version of .Net.
On the other hand, the PasswordSafe team is pledged to making their software more portable, not less. You’ll find on the PasswordSafe project page that a Java port of the software is under development (currently at version 0.6).
PasswordSafe
Latest Version: 3.07 (2007-03-29), 0.6 (Java port)
Platform: Any version of Windows
Author: Team led by Rony Shapiro
Price: Free (FOSS)
Download Link: sourceforge.net/projects/passwordsafe
KeePass Password Safe
Latest Version: 1.07 (2007-04-16), 2.02 Alpha Test (2007-04-11)
Platform: Any version of Windows
Author: Team led by Dominik Reichl
Price: Free (FOSS)
Download Link: sourceforge.net/projects/keepass
Joe wrote:
Nice comparison.
Another thing to keep in mind is the ability to use both on Linux. As I work for small and medium size businesses I tend to do a variety of work on Linux and Windows boxes. At home I run multiple version of both OSes and it is nice to be able to port my db over to either due to the fact they have ports to Linux as well.
Debian based distro:
apt-get install keepassx
apt-get install mypasswordsafe
Be warned however that the implementation of passwordsafe on Linux is _slow_ if you have a large db like I do. It takes close to 30 seconds - 1 minute to load depending on whatever else it going on. It maxes the CPU out at 100% and an educated wild guess is it has to due with iterating over the data to create the hierarchical tree.
Posted 30 Oct 2007 at 9:46 pm ¶
Emmanuel wrote:
You could also look at Password Gorilla for a cross-platform alternative.
Posted 17 Jan 2008 at 3:03 pm ¶