Episode: 1096
Title: HPR1096: KeepassX
Source: https://hub.hackerpublicradio.org/ccdn.php?filename=/eps/hpr1096/hpr1096.mp3
Transcribed: 2025-10-17 18:52:41

---

Hello, this is Frank Bell. I'm back to talk about Key Pass X. That's Kuro, Echo, Echo, Papa, Alpha,
Sierra, Sierra, X-ray. Key Pass X is a cross-platform password vault. It works on limits and a number
of other mixed platforms as well as Mac and Windows and is distinguished by having portable databases.
It started as an attempt to implement the key pass that's Kuro, Echo, Echo, Papa, Alpha,
Sierra, Sierra, Key Pass, password protocol for our Linux and was originally called Key Pass Slash L.
Key Pass is a free open source GPL password manager available for Windows, iPhones and iPads,
and supported in certain mix operating systems so long as you have mono installed. There'll be a link
to the Key Pass website in the show notes. However, without mono, Key Pass will not work in Linux.
Key Pass X has a native Linux application. After Key Pass L was operable, the program was ported to Mac
and to Windows at which time the name was changed from Key Pass Slash L to Key Pass X. Key Pass X
is compatible with Key Pass format databases up through Key Pass version 1.x.
Key Pass is currently in the version 2.x series of releases. Work is being done to update Key Pass X
to be compatible with the new Key Pass database format. I started using this when I did a bit of work
for a company which had a great emphasis on password security. Seeing a password written down
would cause great consternation to their IT department. So they recommended strongly using Key Pass X.
They favored that because of the cross-platform nature. They had a mix of Linux and Windows computers
in their infrastructure. If you've got a sign to a new computer, you can simply port your Key Pass
X database to the new computer and with the same password that you were using before
be able to open the database. Accordingly, you could have many, many passwords. Some of the people
this company had up to 50 passwords and the only password that you had to actually remember
was the password for your Key Pass X database. I got interested in using this at home
because I have a Windows computer that I use from time to time and several Linux computers
that I use regularly and remembering the passwords that I moved from one computer to another
was quite the pain. I would expend lots of energy and trying to come up with passwords
which could be obscure to another person but easy for me to remember because I was using
pass phrases that had a meaning to me but would have no meaning to anyone else.
I like it because it's cross-platform because I no longer need to remember the passwords
or keep any kind of record of them and either files tucked away in secure corners of my computers
or written records which I do not hesitate to do when I'm at home because if I've got the bad guy
in my office reading my password list, I have security problems that greatly transcend
internet password security problems. You can get this in sources from the Key Pass X website
and a number of Linux distributions have it in their repos. I checked and it is in the repos
for Debian, Fedora and SalesOS. There's also a Slack build for it and I'll have a link to the
Slack build in the show notes and at the Key Pass X website you can download Windows and Mac
binaries. Installing it is fairly simple install it from the repos or compile it from sources
or from Mac and Windows run the installation binary. Once you install it and start the application
you're looking at an empty interface. When you click on file new database you're prompted
to enter and verify a password which is referred to as a master key in the interface.
You may also use a key file for a combination of a key file and a password to secure your database.
Once you've created the database the interface will people itself on the left there be a narrow panel
that says groups with 2D file groups internet and email. The groups themselves are empty and are
there for use. If you choose to use them later I'll talk about them more a little later
and on the right in a much larger window there's a place for creating your entries. To add an
entry you can go on the menu to entry, add new or you can right click in the empty entry
field and get a pop-up menu and add new world won't be one of the options there. Other options
when you click entries or right click in the entry field include clone, edit, copy the URL,
open the URL in the default browser, copy username, copy password. When you click to add a new entry
the add entry fields include group, title, username, URL, password, there is a quality indicator scale
a place for comments and a place to set an expiry date. None of these fields are mandatory.
I have created fields that have only a password in them. At a minimum you would want a title
and the password because without the title you're not going to know what the password is for.
I generally have the title, the URL, if it's one that I don't use so frequently I have it almost
memorized the username and the password. Once you have the entry set up the way you would use it is
to navigate to the log-on box for the resource that you want to log into. You can do that either
using the copy URL and pasting the URL into your browser, the open URL if you want to use your default
browser or simply navigating to the page the way you normally would. Let's ask Linus questions
you would go to the lq item in your key pass x application. Highlight the line for lq right click
and select copy username, paste that into the username box, repeat for copy password and bang-bang-boom
URL as opposed to URL. One thing I've noticed is that the clipboard content seemed to expire after
about 15 seconds. The contents for your password or your username are not held on the clipboard
indefinitely. Even if you don't paste them into a web dialogue they will go away. Another feature
that I quite like is the password generation feature. The way you would use this is to create a
database entry, give it a title in other words and then in the entry next to the password line select
gen for generate. When the generator starts there are three tabs one for random passwords, one for
pronounceable passwords and really don't believe them when they say pronounceable and one for
special passwords and in the last one the special tab you can prescribe what characters you
want to use in the password. In each one of those three tabs dialogues allow you to establish
some criteria such as whether or not to use special characters the length of the passwords
and so on. Generally I like to use this because it takes the pressure off of me for coming up with
difficult to crack passwords. In using the password generator I have found one thing useful.
It is possible with key pass x to copy the password from the key pass x entry and then paste it
into a text editor. I will do this frequently and I'll tell you why. I was setting up a password
for some site a couple of weeks ago and I went to password generate the password and key pass x.
I generated a really nice password. I tried to enter it and I got a message back saying a
slash is not permitted. So I pasted the password into a text editor. I took out the slash,
copy the revised password, missing the slash and used that to create the password at this site.
That was accepted. Then I took the content of my text editor, went back and entered it into key
pass x overwriting the previous password entry and then I tested it once more logging out and then
logging into the site before I closed the text editor. Just in case I had managed the ball something
up. So I would recommend taking advantage of that pasting feature. The ability to paste into
a text editor is also useful if you need to share your password. For example at this company where
I learned about key pass x, the company had a general password for logging into one of their vendor
sites. All the employees of the company were to use this password if they were authorized to log
into the vendor site. So if someone knew needed that password, you could give it to them simply by
pasting it into a text file and that way showing them what the password they should use is.
Because you can paste the passwords into a text file, if you are using key pass x in a public
location and by public I mean where other people can see your computer, I don't mean just
something like an internet coffee shop. This would also be at a work location. If you leave
your computer, you definitely want to lock the screen or close key pass x so someone can't
sneak in behind you and get your passwords like that. A couple of other things I want to mention
under file database settings you can change the generation algorithm between two fish and
AES. The default is AES. There will be a link about that in the show notes. You can export your key pass x
database and text or XML. I have not tested this but it is an option on the menu. You can import
databases and key pass x formats, PW manager format and I did work out PW manager. There is a
site on source forage. It seems to be a star open source password manager project. The last
post on the site that I found on source forage is six years old. There will be a link in the show
notes and in k wallet format. I do want to mention here. I have experimented with GNOME key ring
and k wallet and I wasn't particularly entranced with either one of them. I am certain that both of them
are quite secure but there was not the convenience of the cross platform portability
as you get with peak key pass x. If I'm using Slackware with KDE on one computer and devian with
GNOME on the other it's really a pain to try to coordinate the two different password vaults.
So I never really became entranced with either GNOME key ring or K wallet for reasons of my own
personal computing habits. I also had never wanted to use a browser based password vault.
I use multiple browsers. I generally use Opera but I also will use Firefox from time to time
and sometimes other browsers depending on what I'm testing and what I'm trying to accomplish
and what computer I'm sitting at. So again there is the portability issue and also
and it may be completely irrational but storing my passwords in my browser it just seemed to be
one step too close to the internet for me to be comfortable. I think I would rather have them in
a wall safe back there somewhere and not sitting in the umbrella stand at the front door.
I didn't mention the groups earlier. There are two default groups that appear in the left-hand
groups panel when you first create a key pass x database. They are internet and email. If you
change entry say you enter a new password the old entry gets preserved in the backup group
which gets created at that time. Nothing is put in a group unless you tell key pass x to put it
in a group. Generally for most of my browsing I do not use groups. I don't have that many passwords
but if I had a lot of passwords or passwords that had special meanings and special uses then
I might use groups. I'm doing some work for maintaining a database for an organization. I'm a
member of one of my computers. I did take the passwords for their website and website-related
logins and put them in a discrete group under the name of that organization so I could quickly
find them. But for a day-to-day computing for the home computing user the groups is probably a
feature that won't really be necessary. You cannot open two databases in one instance
of key pass x but you can run multiple instances of key pass x. If I got one key pass x file open
and key pass x and I go to file open. If I open a different one it will close the one I have.
So if I need to have two key pass x files such as one for this organization I'm talking about
the one that I gave to their people after I changed a number of insecure passwords and
my own key pass x database. I simply start a second instance of key pass x
load in the other database and they can quite happily run side by side. You can also change your
default browser. And the key pass x that I got from Slack builds the default browser was
Firefox. To change the browser you would go to extras settings advanced custom browser command
and simply type in the command to start the browser of your choice. In my case I simply replace
the word Firefox with the word opera. Bingo when I click to open a URL the URL opened in opera
rather than starting a Firefox instance when I did not necessarily want to be running two browsers.
So that's an introduction to key pass x. One other thing I do when I save a new key pass x
database I make some revisions I add some new passwords I change some passwords and I do
the save as and I give it today's date. That's not because I'm trying to maintain
a personal archive of all my old passwords that I don't use anymore. That's so when I then
SCP this new database to my other computers or in the case of my Windows computer use my network
to move it over there. I know which database is the current one I can open that then I can
delete the old ones. So I have found this a useful rule program is made my life a lot easier
particularly because of the cross platform nature of it. I likely just about the time I finished
the notes for this podcast and was preparing to record it. I noticed that Linux journal had
posted an article about key pass x along to that article will be in the show notes.
Everybody have fun enjoy your summer's computing and I'll catch you later.
If you want to email me you can email me at frank at pineviewfarm.net pineviewfarm is all
one word, no spaces, no punctuation and my website is www.pineviewfarm.net. Thank you very much.
You have been listening to Hacker Public Radio or Hacker Public Radio does our
We are a community podcast network that releases shows every weekday Monday through Friday.
Today's show, like all our shows, was contributed by a HBR listener by yourself.
If you ever consider recording a podcast then visit our website to find out how easy it really is.
Hacker Public Radio was founded by the digital dot pound and the economical and computer cloud.
HBR is funded by the binary revolution at binref.com. All binref projects are crowd sponsored by
linear pages. From shared hosting to custom private clouds, go to lunarpages.com for all your hosting
needs. Unless otherwise stasis, today's show is released under a creative comments,
attribution, share a like, details or license.