Open source advent calendar: the password manager KeePass

Share your love

This is an advent calendar for techies. In the fully commercialized digital world, almost everything belongs to a large Internet corporation. Their software is neither open nor free. As an alternative, there is this small island of the open source world: software whose code is publicly visible and can be independently checked for possible security gaps and backdoors. Software that can be freely used, distributed and improved. Often the drive for work is simply the joy of providing something useful to society.

Short portraits of open source projects will be published on heise online from December 1st to December 24th. These are about the functions of the respective software, the pitfalls, the history, the background and the financing.

Short portraits of open source projects will be published on heise online from December 1st to December 24th. These are about the functions of the respective software, the pitfalls, the history, the background and the financing. Some projects are backed by an individual, others by a loosely organized community, a tightly managed foundation with full-time employees or a consortium. The work is entirely voluntary, or it is financed through donations, cooperation with Internet companies, government funding or an open source business model. Regardless of whether it is a single application or a complex ecosystem, whether a PC program, app or operating system – the diversity of open source is overwhelming.

KeePass helps manage passwords. A lean project made in Baden-Württemberg with a large ecosystem. KeePass is a password manager for PC, primarily for Windows. 2020 became KeePass downloaded about 7.3 million times, above all from Germany and the USA. The software is under a GNU GPLv2 license. There are about 180 Plug-ins and extensions that enable a secure cloud connection, for example.

KeePass focuses on core functions and is installed and set up with just a few clicks. You create password entries manually, if you wish, in different groups. If you don’t have a good password yet, KeePass can throw one together.

The information can be copied out again later using a small icon or a right click of the mouse. Web passwords can be filled in automatically if the structure of the login window of the respective website allows it. Access to the KeePass database is protected with a master password.

KeePass is primarily designed for Windows devices. The program can also be used with a workaround on other systems to use. The KeePass website lists for very different contexts several dozen forks on, about KeePassXC (for Windows, macOS and Linux), Keepass2Android (for Android) as well as KeePassium (for iOS).

KeePass and the many sister programs are part of the standard canon of digital self-defense. The Federal Office for Information Security (BSI) recommends KeePass, a tool kit from the US Electronic Frontier Foundation (EFF) advises KeePassXC. In 2016 the EU Commission issued a extensive security clearance funded and in 2019, KeePass was part of one Bug-Bounty-Programms the European Commission.

Like the public transport timetable information app, KeePass is largely a one-person project: the developer Dominik Reichl, who lives in Metzingen near Stuttgart, is behind KeePass.

On his website Reichl lists eight other software projects, such as KeeGen, a password generator for Windows, and VisualHash and ReHash for calculating hash sums. However, Reichl told heise online that his focus is clearly on KeePass.

KeePass has just come of age: 18 years ago, on November 15, 2003, Reichl created KeePass as a project on, the first version followed two days later. He wrote the program completely himself, he tells heise online: “The reason to start developing KeePass was simply that there was no password manager that I liked at the time.”

Reichl asks for donations on his website and has included advertising. At its core, he develops KeePass on his own. But there is a small community around it: Around 75 people help with translations, meanwhile they can around 50 language packages to install. Around 140 people contribute the 180 plug-ins and extensions and a small group of people answer support requests.

Then there is an amazingly large ecosystem of around 50 related programs and forks. Some users would like an “official” KeePass app for all possible contexts, says Reichl. But he doesn’t have time for that and is happy about the work of the others: “I prefer to concentrate on the development of KeePass for PCs and am glad that other developers are creating KeePass-compatible apps for other systems.”

The work on the series of articles is based in part on a “Neustart Kultur” grant from the Federal Government Commissioner for Culture and the Media, awarded by VG Wort.


Article Source

Read Also   How ransomware paralyzed a city council for days
Share your love