KeePass, a robust password manager?

Written by Joseph MICACCIA, certified network expert

Nowadays, we need passwords for everything: our bank accounts, our e-mail accounts, our accounts on various commercial sites, and so on. To manage these passwords, we need a password manager, preferably a robust one. There are several, but only one is certified by ANSSI (the French National Agency for Information Systems Security).

The average person can remember about twenty robust passwords. Beyond that number, a password manager becomes necessary. Several very effective ones exist. In the world of free software, only one manager is currently certified by ANSSI: KeePass, an open-source password "safe" that requires authentication to access its encrypted content.



This product is open source and has a multitude of third-party plugins. Security is provided by several cryptographic algorithms, including AES and Twofish, with 256-bit hashing.

KeePass is available for Windows, OS X, Linux, iOS and even Android systems.

According to the KeePass designers, the databases are encrypted using the most reliable and secure encryption algorithms currently known. That was reassuring, until the appearance of KeeFarce, a program built to hack KeePass.

Using DLL injection, KeeFarce can extract information from a KeePass 2.x password database. Clear-text information, including usernames, passwords, notes, and URLs, is written to a CSV file, which reduces the effectiveness of KeePass to nil.

Indeed, ANSSI has detected vulnerabilities in versions prior to 2.34.



However, it seems that the multiple vulnerabilities have since been corrected in KeePass. Moreover, according to ANSSI, the new version of KeePass is considered a safe tool.
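
From the defender's side, the behaviour described above (a DLL injected into the KeePass process, then clear-text entries written to a CSV file) leaves traces that process-monitoring logs can surface. The following is an added example, not code from the original article or from the KeePass project; it assumes Sysmon-style events (IDs 7, 8 and 11) already parsed into dictionaries, and the install path, function names and sample events are constructed for illustration.

```python
import ntpath

# Assumed locations; adjust to the real install. Plugins loaded from a
# per-user cache directory would need an extra entry here.
TRUSTED_DIRS = (r"C:\Program Files\KeePass Password Safe 2", r"C:\Windows")

def _is_keepass(path):
    return ntpath.basename(path or "").lower() == "keepass.exe"

def _trusted(path):
    # normpath collapses ".." so a traversal cannot fake a trusted prefix.
    p = ntpath.normcase(ntpath.normpath(path))
    return any(p.startswith(ntpath.normcase(d) + "\\") for d in TRUSTED_DIRS)

def triage(events):
    """Return (reason, event) pairs for events that deserve a closer look."""
    hits = []
    for ev in events:
        eid = ev.get("EventID")
        if eid == 8 and _is_keepass(ev.get("TargetImage")):
            if not _is_keepass(ev.get("SourceImage")):
                hits.append(("remote thread created in KeePass", ev))
        elif eid == 7 and _is_keepass(ev.get("Image")):
            if not _trusted(ev.get("ImageLoaded", "")):
                hits.append(("module loaded from untrusted path", ev))
        elif eid == 11 and _is_keepass(ev.get("Image")):
            # A legitimate user export also lands here; correlate with the above.
            if ev.get("TargetFilename", "").lower().endswith(".csv"):
                hits.append(("CSV written by KeePass process", ev))
    return hits

KP = r"C:\Program Files\KeePass Password Safe 2\KeePass.exe"
# Constructed sample events (not captured from a real host).
SAMPLE = [
    {"EventID": 7, "Image": KP, "ImageLoaded": r"C:\Windows\System32\bcrypt.dll"},
    {"EventID": 8, "SourceImage": r"C:\Users\alice\Downloads\tool.exe",
     "TargetImage": KP},
    {"EventID": 7, "Image": KP, "ImageLoaded": r"C:\Users\alice\Downloads\helper.dll"},
    {"EventID": 11, "Image": KP,
     "TargetFilename": r"C:\Users\alice\AppData\Roaming\export.csv"},
    {"EventID": 11, "Image": r"C:\Windows\explorer.exe",
     "TargetFilename": r"C:\Users\alice\Documents\budget.csv"},
]

if __name__ == "__main__":
    for reason, ev in triage(SAMPLE):
        print(reason, "->", ev)
```
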

For my personal needs, I use NotePlus, a tool that I made myself ... one is never so well served as by oneself ;-)

Whatever the tool, protect your passwords!

