Replacing KeePassX with a .txt file


A user new to SecureDrop got confused by the KeePassX UX. They did not remember the password had to be empty. Then they did not get why the Password checkbox had to be checked despite the fact that there is no password. And finally they selected the keepassx.kdbx to be the key file because … what else could it be ?

The KeePassX UX is not very good and it would be more user friendly to use a password.txt file with a plain text template to get things a little organized.

What do you think ?

Gnome has an integrated keyring; why not using it?

KeePassX is used to store various informations about connections: login names, comments, hostnames etc…

One advantage I also see with keepass (apart from a way of organizing passwords) is that passwords can be copy-pasted without being visible onscreen, and allows the generation of passwords. Keepass also has features to protect against database corruption.

Can you clarify this statement? I am confused.

@bmeson there is an empty password. And it means the “password” checkbox must be ticked and no password entered, which is confusing.

Personally I experienced silent dataloss with keepassx. It finished to convince me to move away from it.

Dear @dachary Why not use KeePassXC? A community fork of KeePassX also checkout arc it might be useful for you.

Unfortunately, I think no matter what we recommend, people will use what is already in Tails and what they are familiar with (a password manager). So even if we recommend they switch to a different format our end users will not. We should instead dog food KeePassX/Tails since we have already placed our wagon on that horse.

1 Like

I like this idea. Since KeePassX is essentially unmaintained, one of them could be proposed to tails as a replacement. In your experience are they well maintained ?

Asking journalists to install a password manager by installing gcc+ and build-develop tools seems like a support / training nightmare waiting to happen.

I think @AboShanab suggested KeePassXC if and only if it is packaged and available in Debian GNU/Linux. Requiring compilation from the tails user would be … a little inconvenient indeed :wink:

I would agree on moving to KeePassXC, but maintaing packages would be quite a pain. It would be better if we could get upstream to do so. Upon further inspection, it looks to be in Debian buster/testing. That probably means it’ll be a bit before we see it in Tails, though.

1 Like

Correct, KeePassXC is not packaged with Tails at this time.

Filed an issue in tails to suggest the replacement. I did not look into possible compatibility issues but I guess the discussion about that will continue in this direction. @AboShanab @bmeson @edenemmanuel and big thank for re-orienting this thread, I’m optimistic about KeePassXC now :slight_smile:

Hello @dachary, sorry for the late reply.
They are maintained very well in my opinion, also they are just released a new version (2.3.0) with a lot of new features and bug fixes also I think it’s a nice idea to seeing it ships with the new version of Tails!

I agree with you. also it’s good to tell you that the new version is now available as Snap and AppImage packages, that’s would made it very easy to installing it on any linux distribution for the new linux users! (Also they are want translators for the project specifically to the resource called develop–keepassx_ents on Transifex! hope to seeing you contribute when you have some free time :wink:)

Thanks for your efforts @dachary!

1 Like