Did KeePassX ever have an audit funding like, e.g., TrueCrypt? Or any other password manager?
Viewed 1,226 times
7
-
If you're concerned about the security of the database file itself, encrypting it with another program like gpg/pgp or Truecrypt/LUKS/etc could only help. Don't worry much about KeePass protecting itself from snooping apps or spyware, if you have those you're already boned – Xen2050 Apr 11 '16 at 00:38
-
Apparently the EU is doing one ... KeePass Password Manager is getting a code audit – Tyler Jordan Dec 09 '16 at 03:38
2 Answers
1
Regarding the other password managers part of the question -- specifically KeePass.
As Tyler Jordan writes in his comment, there is a code audit of the KeePass password manager under the EU-FOSSA project.
The review report is available here (look for Deliverable WP6-01: Code review), or use the direct link to the PDF version.
vlp
-
KeePass and KeePassX are two different programs. Though they share the same password database format, not all conclusions from the KeePass audit can be used to infer the same for KeePassX. Weak cryptography implementations could potentially weaken the actual encryption even when the encryption technique itself is capable of strong security in another implementation. – Lie Ryan Oct 07 '17 at 18:40
-
@LieRyan You are right. I know there is a difference between KeePass and KeePassX. I posted this as an answer to the "Or any other password manager?" part of the question. I will clarify that in the answer. Please let me know if you think this answer is inappropriate and I will delete it. (I came across this question while looking for an audited password manager and thought a link to the EU-FOSSA might be helpful for others.) – vlp Oct 07 '17 at 19:13