KeePass + Cloud Storage = (near) Password Nirvana

Update 2015-09-27: Neato! In June of 2015 the author applied a mod which allows KeePassHttp to be served from somewhere other than localhost… there are security implications to be considered here, but as long as you know how to cover your bases it opens some nice possibilities to have a single KeePass instance provide password resolution to multiple clients… e.g. a VM guest, other machines in your home, etc. Not yet provided as a ready-to-run plgx file, but following the self-compile instructions found in the readme was fairly trivial.

KeePass2 – Password management application

  • 10 years mature
  • Free
  • Windows, Linux, Mac, Android and iOS versions
  • Dropbox compatible (Google Drive, etc.)
  • Autofill browser plugins
  • Rich text area for notes (e.g. challenge phrases and other reminders)
  • Open source (.Net)

  • Mac (and Linux) can run the Windows.exe via Mono
  • Initially ran native KyPass Companion on the Mac side (~$8). Have since switched back to the free mainstream build (see below)

  • On Android phone using Keepass2Android (free) with solid results

  • Provides special keyboard which facilitates autofill

  • Dropbox and other cloud drives well supported (synchronize)
  • Handy yet still secure Quick Unlock feature
  • Consider a good android lock screen as additional layer of protection

I’m glad I finally took the time. I (forced 😉) my wife to run the Windows version on her desktop and we share the same database file with our financial, healthcare, etc. logins. So either of us can get into whatever we need wherever we are. It gives me peace of mind that she would have ready access to those important things in case I was somehow unavailable (knock wood). If you’re putting up with some other convoluted hodge podge as I was, please give this general idea a shot by wading in slowly and see if it makes your life easier as it has for me.

2013-01-01: My main password file was corrupted and I couldn’t log in.

  • Turns out I had a wonky entry that kept growing upon subsequent saves. Maybe compression algorithm was backfiring or something like that.
  • The offending entry was under KeePassHttp which just stores the authorized connection for each particular browser, so it was a no brainer to kill and recreate.
  • My kdbx file had grown to 28MB! After deleting the entry it was back down to a measly 16k.
  • KyPass Companion was doing the most recent suspect saves causing massive growth so I can’t help but wonder.

Dropbox really shines

  • Thanks to Dropbox’s inherent versioning I could readily fall back to a working copy
  • Dropbox also showed the disturbing progression in larger file sizes over a short amount of time
  • as well as which client that was driving those suspect saves – KyPass on my Mac
  • really gotta hand it to that product team, top notch stuff

KyPass’s questionable involvement gave me a reason to give the mainline KeePass2 another look…

Banging KeePass2 for OS X into shape

  • Updated from current v2.23 build to the latest official v2.24 build by dropping the latest KeePass.exe from the Windows zip bundle into the Contents/MacOS folder. This is promising; hopefully to never suffer the envy of a more recent build.
  • Contents/MacOS is also where plugins like KeePassHttp.plgx should be dropped.
  • KeePassHttp is working just fine for me running under this mono version.
  • Make sure to disable “Show a notification when credentials are requested” under Tools > KeePassHttp Options. Otherwise both KeePass and the browser would freeze upon every login page request.

Nice-to-haves in KeePass not currently available in KyPass Companion:

  • Automatic save-on-change (via triggers facility)
  • Autoload of the MRU kdbx file upon launch
  • Synchronization

[SOLVED] Error: “The following plugin is incompatible with the current KeePass version”
(/user/{username}/.local/share/KeePass/PluginCache/{unique}/KeePassHttp.dll)

  • Running on Mac via mono, turns out lldb is somehow the process forked by mono which hosts the KeePassHttp listener on port 19455
  • In my situation this pesky error was apparently caused by a crashed orphan lldb holding onto the port and blocking subsequent launches of KeePassHttp
  • Simply run “killall lldb” from the terminal to resolve
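
An added example (not part of the original post): a POSIX shell helper that reads lsof output for port 19455 and reports which process holds the KeePassHttp port and whether each listener is bound to loopback only, which is the check that matters for both the orphaned lldb above and the non-localhost mod from the 2015 update. The sample output, PIDs, user name and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify listeners on the KeePassHttp port from lsof output.
PORT=19455

# Constructed sample of `lsof -nP -iTCP:19455 -sTCP:LISTEN` output
# (illustrative values, not captured from a real host).
SAMPLE_LSOF='COMMAND  PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
lldb    4321 demo   12u  IPv4 0x1a2b      0t0  TCP 127.0.0.1:19455 (LISTEN)
mono    5150 demo   14u  IPv4 0x3c4d      0t0  TCP *:19455 (LISTEN)
mono    5151 demo   15u  IPv6 0x5e6f      0t0  TCP [::1]:19455 (LISTEN)'

# Reads lsof output on stdin; prints "PID COMMAND ADDRESS VERDICT" per listener.
classify_listeners() {
  awk -v port="$PORT" '
    NR == 1 { next }                  # skip the header row
    $NF != "(LISTEN)" { next }        # only listening sockets
    {
      name = $(NF - 1)                # e.g. 127.0.0.1:19455 or *:19455
      n = split(name, parts, ":")
      if (parts[n] != port) next      # some other port
      addr = substr(name, 1, length(name) - length(port) - 1)
      if (addr ~ /^127\./ || addr == "[::1]" || addr == "localhost")
        verdict = "loopback"          # reachable from this machine only
      else
        verdict = "exposed"           # wildcard or LAN address
      print $2, $1, addr, verdict
    }'
}

# PIDs of listeners on the port whose command name is $1 (e.g. lldb), so only
# the process actually holding the port is signalled.
pids_holding_port() {
  classify_listeners | awk -v cmd="$1" '$2 == cmd { print $1 }'
}

# Number of listeners on the port that other hosts can reach.
exposed_count() {
  classify_listeners | awk '$4 == "exposed" { c++ } END { print c + 0 }'
}

# Live use: sh thisfile.sh --live
if [ "${1:-}" = "--live" ]; then
  lsof -nP -iTCP:"$PORT" -sTCP:LISTEN | classify_listeners
fi
```

To clear an orphan, pass the output of pids_holding_port lldb to kill rather than running killall, which would also end unrelated lldb sessions. An "exposed" verdict means the credential-serving port accepts connections from other hosts, so it should be limited by a host firewall to the intended clients.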

Debug notes:

  • mono -v /Applications/KeePass{version}/Contents/MacOS/keepass.exe > debug.txt
  • Noticed SocketException well into the KeePassHttp plugin’s constructors call stack and started to realize the error message was misleading
  • Xamarin Studio will debug the running instance:
  • First, enable debugger break on SocketException: Run > Exceptions > enter SocketException in the search
  • Run > Debug Application > browse to keepass.exe

  • Xamarin Studio will also reverse gen back to C# source (not that we need it in this case but it’s good to know for future) – just create a new project and add the assembly (DLL or EXE) as a reference and click into it to see the readable source conversion of all classes.