
Hacker Public Radio

Your ideas, projects, opinions - podcasted.

New episodes Monday through Friday.

hpr3877 :: KeePass X.C. audit review.

Sgoti discusses the KeePass X.C. audit by Zaur Molotnikov.

Hosted by Some Guy On The Internet on 2023-06-13 is flagged as Clean and is released under a CC-BY-SA license.
KeepassXC, audit, Zaur Molotnikov.


Duration: 00:42:32


  • Article: KeePassXC - Cross-platform Password Manager.

  • Article: KeePassXC Application Security Review

  • Article: KeePassXC: User Guide.

  • Article: Magic (cryptography).

  • Article: Federal Information Processing Standards.

    • The Federal Information Processing Standards (FIPS) of the United States are a set of publicly announced standards that the National Institute of Standards and Technology (NIST) has developed for use in computer systems of non-military, American government agencies and contractors. FIPS standards establish requirements for ensuring computer security and interoperability, and are intended for cases in which suitable industry standards do not already exist. Many FIPS specifications are modified versions of standards the technical communities use, such as the American National Standards Institute (ANSI), the Institute of Electrical and Electronics Engineers (IEEE), and the International Organization for Standardization (ISO).
    • Supporting Article: FIPS General Information.
    • FIPS are standards and guidelines for federal computer systems that are developed by National Institute of Standards and Technology (NIST) in accordance with the Federal Information Security Management Act (FISMA) and approved by the Secretary of Commerce. These standards and guidelines are developed when there are no acceptable industry standards or solutions for a particular government requirement. Although FIPS are developed for use by the federal government, many in the private sector voluntarily use these standards.
  • Article: G502 HERO High Performance Gaming Mouse.

    • Dual-Mode Hyper-Fast Scroll Wheel
    • Unlock the scroll wheel for hyper-fast continuous scrolling to spin quickly through long pages, or lock it down for single click precision scrolling. The weighty, metal wheel delivers confident, smooth and satisfying control for either mode.

General KeePassXC Information.  

  • Why KeePassXC instead of KeePassX?
    • KeePassX is an amazing password manager, but hasn't seen much active development for quite a while. Many good pull requests were never merged and the original project is missing some features which users can expect from a modern password manager. Hence, we decided to fork KeePassX to continue its development and provide you with everything you love about KeePassX plus many new features and bugfixes.
  • Why KeePassXC instead of KeePass?
    • KeePass is a very proven and feature-rich password manager and there is nothing fundamentally wrong with it. However, it is written in C# and therefore requires Microsoft's .NET platform. On systems other than Windows, you can run KeePass using the Mono runtime libraries, but you won't get the native look and feel which you are used to.
    • KeePassXC, on the other hand, is developed in C++ and runs natively on all platforms giving you the best-possible platform integration.
  • Why is there no cloud synchronization feature built into KeePassXC?
    • Cloud synchronization with Dropbox, Google Drive, OneDrive, ownCloud, Nextcloud etc. can be easily accomplished by simply storing your KeePassXC database inside your shared cloud folder and letting your desktop synchronization client do the rest. We prefer this approach, because it is simple, not tied to a specific cloud provider and keeps the complexity of our code low.
  • KeePassXC allows me to store my TOTP secrets. Doesn't this alleviate any advantage of two-factor authentication?
    • Yes. But only if you store them in the same database as your password. We believe that storing both together can still be more secure than not using 2FA at all, but to maximize the security gain from using 2FA, you should always store TOTP secrets in a separate database, secured with a different password, possibly even on a different computer.
  • How do I use the KeePassXC CLI tool with the AppImage?
    • Starting with version 2.2.2, you can run the KeePassXC CLI tool from the AppImage by executing it with the cli argument:
    • ./KeePassXC-*.AppImage cli

Additional Information.

