PasswordSafe vs. KeePass Password Safe
Last month, I recommended a free program on SourceForge called PasswordSafe for keeping track of all your various and sundry passwords. There are actually numerous projects on SourceForge for keeping track of passwords, and two of them have the words “password safe” in the name. The one I spoke of is simply called “Password Safe” (sometimes written with the space between words, and sometimes without). An equally worthy and more popular project is called “KeePass Password Safe” (which I will refer to simply as KeePass from now on, to avoid confusion). Indeed, KeePass is currently the sixth most popular project of all the projects on SourceForge.
PasswordSafe has evolved over several years, and is currently on version 3.07. It’s plain to see that PasswordSafe was the inspiration for KeePass. The current stable version of KeePass is 1.07. A quick survey reveals that it has all of the same usability features of PasswordSafe, many of which are implemented better or more thoroughly. It also appears to be just as secure, and it has better documentation. The one obvious difference between the two is that PasswordSafe provides different views for the database (hierarchical and flattened), whereas KeePass only offers the hierarchical view. The bottom line is they both do the same job, and do it well. If I was not already used to using PasswordSsafe, then I might be inclined to use KeePass instead.
My one concern with KeePass is that the new 2.0 version currently in alpha test requires .Net. The decision to go with .Net is being questioned by many of the users in the KeePass forum. These users are complaining that being tied to .Net limits the portability of KeePass. They keep the current version of the KeePass program, together with the database, on a USB drive that they carry around. If they were to upgrade to 2.0, that would mean that any machine they want to run it on would not only have to have .Net, but it would have to have the correct version of .Net.
On the other hand, the PasswordSafe team is pledged to making their software more portable, not less. You’ll find on the PasswordSafe project page that a Java port of the software is under development (currently at version 0.6).
PasswordSafe
Latest Version: 3.07 (2007-03-29), 0.6 (Java port)
Platform: Any version of Windows
Author: Team led by Rony Shapiro
Price: Free (FOSS)
Download Link: sourceforge.net/projects/passwordsafe
KeePass Password Safe
Latest Version: 1.07 (2007-04-16), 2.02 Alpha Test (2007-04-11)
Platform: Any version of Windows
Author: Team led by Dominik Reichl
Price: Free (FOSS)
Download Link: sourceforge.net/projects/keepass
Joe wrote:
Nice comparison.
Another thing to keep in mind is the ability to use both on Linux. As I work for small and medium size businesses I tend to do a variety of work on Linux and Windows boxes. At home I run multiple version of both OSes and it is nice to be able to port my db over to either due to the fact they have ports to Linux as well.
Debian based distro:
apt-get install keepassx
apt-get install mypasswordsafe
Be warned however that the implementation of passwordsafe on Linux is _slow_ if you have a large db like I do. It takes close to 30 seconds - 1 minute to load depending on whatever else it going on. It maxes the CPU out at 100% and an educated wild guess is it has to due with iterating over the data to create the hierarchical tree.
Posted 30 Oct 2007 at 9:46 pm ¶
Emmanuel wrote:
You could also look at Password Gorilla for a cross-platform alternative.
Posted 17 Jan 2008 at 3:03 pm ¶
Bruce wrote:
I have been using KeePass for a bit now, and the thing that attracted me was its ability to use same data format for Keepass on both Windows and Mac OS X.
It works well, and I have well over 100 items stored.
I agree though that I am concerned about the KeePass 2 .Net development which is forging ahead.
The Mac port, KeePassX, is off of v1, and I am grateful for it, but it seems to not have as much development attention or resources (currently at v 0.3.4)
Thus I have now very low expectations for a KeePass v2 port to Mac.
So I’m sticking with v1 (which is at v1.14, of 10-15-2008) even though development on it is pretty much wound down.
Yes, Gorilla is dual platform, I have not tried it.
Only other app I remember from a while back was a shareware app, free for 10 services use, now am not remembering the name.
Posted 12 Feb 2009 at 9:04 pm ¶
Craig wrote:
Yes, indeed. KeePassX on the Mac and KeePass 1.0 on the PC is a great combination. The KeePassX user interface leaves a bit to be desired, compared to the PC version, but it’s definitely usable. I had to jump through some hoops to covert my old PWSafe files over, as I recall. First converting to an (unencrypted) XML file, then importing to KeePass 2.0 format (on the PC) and then downgrading to 1.0 format. Having to install KeePass 2.0 just for that was a pain, as was having to be sure to wipe the intermediate XML file properly, but that was way better than importing by hand, of course!
Posted 13 Feb 2009 at 5:17 pm ¶
impee wrote:
I have been using Password Safe for years and have just come across KeePass. I was welcome the new discovery, but now after playing around with it a bit, it gives a slight unsafe feeling…in terms of the plugins you can add, the extra icons, the options to auto check / connect to the internet for new version of software, etc.
Password Safe to me ‘appears’ (even thought it does not have to be) more safe due to its simplicity and it being stand alone.
Posted 02 Mar 2009 at 8:30 am ¶
seth wrote:
@impee: > the options to auto check / connect to the internet for new version of software, etc.
this would strike me as the number one feature of any app that I depend on for security. Even windows has gotten *that* one right for some time now.
I agree on the plugins. Icons? I don’t really understand how icons make an app less secure. If you want spartan, there are command line tools for the job.
Posted 12 Jun 2009 at 3:01 pm ¶