A user new to SecureDrop got confused by the KeePassX UX. They did not remember the password had to be empty. Then they did not get why the Password checkbox had to be checked despite the fact that there is no password. And finally they selected the keepassx.kdbx to be the key file because … what else could it be ?
One advantage I also see with keepass (apart from a way of organizing passwords) is that passwords can be copy-pasted without being visible onscreen, and allows the generation of passwords. Keepass also has features to protect against database corruption.
Unfortunately, I think no matter what we recommend, people will use what is already in Tails and what they are familiar with (a password manager). So even if we recommend they switch to a different format our end users will not. We should instead dog food KeePassX/Tails since we have already placed our wagon on that horse.
I would agree on moving to KeePassXC, but maintaing packages would be quite a pain. It would be better if we could get upstream to do so. Upon further inspection, it looks to be in Debian buster/testing. That probably means it’ll be a bit before we see it in Tails, though.
Filed an issue in tails to suggest the replacement. I did not look into possible compatibility issues but I guess the discussion about that will continue in this direction. @AboShanab@bmeson@edenemmanuel and big thank for re-orienting this thread, I’m optimistic about KeePassXC now
Hello @dachary, sorry for the late reply.
They are maintained very well in my opinion, also they are just released a new version (2.3.0) with a lot of new features and bug fixes also I think it’s a nice idea to seeing it ships with the new version of Tails!
I agree with you. also it’s good to tell you that the new version is now available as Snap and AppImage packages, that’s would made it very easy to installing it on any linux distribution for the new linux users! (Also they are want translators for the project specifically to the resource called develop–keepassx_ents on Transifex! hope to seeing you contribute when you have some free time )