PasswordSafe vs. KeePass Password Safe

Last month, I recommended a free program on SourceForge called PasswordSafe for keeping track of all your various and sundry passwords. There are actually numerous projects on SourceForge for keeping track of passwords, and two of them have the words “password safe” in the name. The one I spoke of is simply called “Password Safe” (sometimes written with the space between words, and sometimes without). An equally worthy and more popular project is called “KeePass Password Safe” (which I will refer to simply as KeePass from now on, to avoid confusion). Indeed, KeePass is currently the sixth most popular project of all the projects on SourceForge.

PasswordSafe has evolved over several years, and is currently on version 3.07. It’s plain to see that PasswordSafe was the inspiration for KeePass. The current stable version of KeePass is 1.07. A quick survey reveals that it has all of the same usability features as PasswordSafe, many of which are implemented better or more thoroughly. It also appears to be just as secure, and it has better documentation. The one obvious difference between the two is that PasswordSafe provides different views for the database (hierarchical and flattened), whereas KeePass only offers the hierarchical view. The bottom line is they both do the same job, and do it well. If I were not already used to using PasswordSafe, then I might be inclined to use KeePass instead.

My one concern with KeePass is that the new 2.0 version currently in alpha test requires .Net. The decision to go with .Net is being questioned by many of the users in the KeePass forum. These users are complaining that being tied to .Net limits the portability of KeePass. They keep the current version of the KeePass program, together with the database, on a USB drive that they carry around. If they were to upgrade to 2.0, that would mean that any machine they want to run it on would not only have to have .Net, but it would have to have the correct version of .Net.

On the other hand, the PasswordSafe team is pledged to making their software more portable, not less. You’ll find on the PasswordSafe project page that a Java port of the software is under development (currently at version 0.6).

PasswordSafe

Latest Version: 3.07 (2007-03-29), 0.6 (Java port)
Platform: Any version of Windows
Author: Team led by Rony Shapiro
Price: Free (FOSS)
Download Link: sourceforge.net/projects/passwordsafe

KeePass Password Safe

Latest Version: 1.07 (2007-04-16), 2.02 Alpha Test (2007-04-11)
Platform: Any version of Windows
Author: Team led by Dominik Reichl
Price: Free (FOSS)
Download Link: sourceforge.net/projects/keepass

Comments

  1. Nice comparison.

    Another thing to keep in mind is the ability to use both on Linux. As I work for small and medium size businesses I tend to do a variety of work on Linux and Windows boxes. At home I run multiple versions of both OSes and it is nice to be able to port my db over to either due to the fact they have ports to Linux as well.

    Debian based distro:
    apt-get install keepassx
    apt-get install mypasswordsafe

    Be warned however that the implementation of passwordsafe on Linux is _slow_ if you have a large db like I do. It takes close to 30 seconds - 1 minute to load depending on whatever else is going on. It maxes the CPU out at 100% and an educated wild guess is it has to do with iterating over the data to create the hierarchical tree.

  2. You could also look at Password Gorilla for a cross-platform alternative.

  3. I have been using KeePass for a bit now, and the thing that attracted me was its ability to use same data format for Keepass on both Windows and Mac OS X.

    It works well, and I have well over 100 items stored.

    I agree though that I am concerned about the KeePass 2 .Net development which is forging ahead.
    The Mac port, KeePassX, is off of v1, and I am grateful for it, but it seems to not have as much development attention or resources (currently at v 0.3.4)
    Thus I have now very low expectations for a KeePass v2 port to Mac.

    So I’m sticking with v1 (which is at v1.14, of 10-15-2008) even though development on it is pretty much wound down.

    Yes, Gorilla is dual platform, I have not tried it.

    Only other app I remember from a while back was a shareware app, free for 10 services use, now am not remembering the name.

  4. Yes, indeed. KeePassX on the Mac and KeePass 1.0 on the PC is a great combination. The KeePassX user interface leaves a bit to be desired, compared to the PC version, but it’s definitely usable. I had to jump through some hoops to convert my old PWSafe files over, as I recall. First converting to an (unencrypted) XML file, then importing to KeePass 2.0 format (on the PC) and then downgrading to 1.0 format. Having to install KeePass 2.0 just for that was a pain, as was having to be sure to wipe the intermediate XML file properly, but that was way better than importing by hand, of course!

  5. I have been using Password Safe for years and have just come across KeePass. I welcomed the new discovery, but now after playing around with it a bit, it gives a slightly unsafe feeling…in terms of the plugins you can add, the extra icons, the options to auto check / connect to the internet for new version of software, etc.

    Password Safe to me ‘appears’ (even though it does not have to be) more safe due to its simplicity and it being stand alone.

  6. @impee: > the options to auto check / connect to the internet for new version of software, etc.

    this would strike me as the number one feature of any app that I depend on for security. Even windows has gotten *that* one right for some time now.

    I agree on the plugins. Icons? I don’t really understand how icons make an app less secure. If you want spartan, there are command line tools for the job.

  7. How to disable “Check for Update”?

    It’s under Help Menu.

    Could anyone suggest me on this

  8. How to disable “Check for Update”? in Kee Pass password safe 2.0.9

    It’s under Help Menu.

    Could anyone suggest me on this ?

  9. Any idea if one can import/export the databases between the two?

  10. hey guys!

    both apps are f..n gr8!!!! no doubt about it. in my case use both alternatively….FYI, pwsafe is now in version 3.28 while keepass is in v2.18. whatever u chose is just a matter of preference. take ur pick.

    tnx alot!!!!
    reyed

  11. seth wrote: “[auto update] would strike me as the number one feature of any app that I depend on for security. Even windows has gotten *that* one right for some time now.”

    I couldn’t agree less. Auto update is a HUGE vulnerability. It’s literally a welcome mat for some third party to shove software into the bowels of your system. That third party MAY be both trustworthy and technically competent… but there is no guarantee that it will remain so over time, and no likelihood that you’ll know if and when it becomes untrustworthy or incompetent.

    Ironically, far from “getting it right,” Microsoft provided the best-ever example of the auto-update fallacy, when it mis-used the mechanism to shove Windows Genuine Advantage (WGA) onto user systems around the world. WGA is not a ‘feature’ that any user would want. It gives Microsoft extra control over YOUR PC, and opens the possibility of false positives that could literally require you to buy a new copy of Windows. No, the problems are not frequent… but the point is that whether an update is to your benefit or not, you gave up the right to complain about it when you enabled (failed to disable) the service.

    I’m still waiting for someone to hack the auto-update feature. What better mechanism could there be, for installing malware? Even if Microsoft’s auto-update service happens to be secure (a big if), there are probably lots of others on your system by now, some of which you’re probably not even aware of.

    It’s your system, do what you think is best. But on my gear, all auto-update services remain in the OFF position.

© 2006-2007 Maxim Software Corp.  All rights reserved.