Secure your passwords and personal data with KeePassX
AutoType
Autofill is the forte of web browsers. Almost all mainstream browsers now offer to store the user ID and password. However, with information theft on the rise, many users want to avoid saving login details to browsers. KeePassX offers an autotype feature that lets you easily fill the login details for a website. This feature is currently available only in the Linux version of KeePassX.
To use the autotype feature, first open the login page (e.g., your email login page); then, open KeePassX and go to the entry corresponding to this email account. Right-click the entry and click Perform AutoType (Figure 6). Login details are automatically fed to the login page – without the browser getting to know a thing! To configure the AutoType process, click on the Tools button on the bottom left corner of a New Entry dialog (refer to Figure 4).
AutoType is a great feature, but it is available on Linux only. Other users can still copy and paste passwords and user IDs from the KeePassX window, just as you can. Data copied onto the clipboard is automatically wiped off in a few seconds. (You can configure the time the data will remain on the clipboard before it is cleared.)
The KeePassX window has separate buttons to copy the user ID (user icon) and password (key icon). (The second and third buttons from right on the top menubar.) If you want to change the duration after which the clipboard is cleared, go to Extras | Settings | Security and change the number of seconds.
Locking the Workspace
You are away from your desk for a few seconds, but you leave the screen unlocked. Those few seconds are all it takes for a social engineer to get the data. The effect of such an attack is more severe if the attacker gets access to your KeePassX window.
KeePassX allows you to lock your workspace with a single click by just clicking the rightmost icon on the top menubar (the padlock). To set the idle time before KeePassX automatically locks itself, go to Extras | Settings | Security. You can also set the option to lock KeePassX if you just minimize the window.
Using ownCloud
You can save the KeePassX database file anywhere, move it, or even email it as an attachment. This freedom opens a lot of new avenues for innovative use cases – the most obvious being a multiple-system environment.
Users today don't have just one device: A single user often has a personal laptop, the office laptop, a tablet, and a mobile phone – or sometimes more than one. Although KeePassX is a desktop application (there is no way to access it via another device), you can use the KeePassX database file to make the passwords available across platforms. Any file-sharing application, such as iCloud, Google Drive, or Dropbox, can help you transfer the KeePassX database file to other systems.
Why not do this the open source way? The free ownCloud tool is a great way to set up your own file-sharing cloud. You can set up a private installation of ownCloud to make the KeePassX database available on all your devices: You don't need a third-party server. Install ownCloud on your home PC and access it via the LAN/WiFi from other devices.
After downloading ownCloud from the website [4], installation is very easy. (See the installation instructions online [5] or refer to the user manual for more on operating ownCloud [6].) You just need a web server running on your computer. You can then drop the ownCloud folder to the web server's root directory. Access the folder via your browser and set up the admin user, and you are ready to roll.
After you log in successfully, you can add another layer of security by enabling ownCloud encryption. To do so, click on the drop-down menu on the far right and go to the Apps page. Scroll down to select the Encryption plugin, enable it, log out, and log in again to generate the encryption keys. Upload the KeePassX file to ownCloud.
To make sure your ownCloud is available throughout your local network; you need to edit the config.php
file in the owncloud/config
folder. Open the file, go to the trusted_domains
section, and add the IP address of the system hosting ownCloud. Now you can access your ownCloud from other network devices. If you log in from another device, you will see that the KeePassX file is available on your LAN (Figure 7). Install KeePassX on your mobile device, and open the database file (Figure 8). All your passwords are now available on your mobile devices.
Since the network you are using is your home network, and it is possible you will make changes to the KeePassX file when you are not on the home network, be sure the file is synced before you use it on other devices, or you might end up with several version of the same file.
Encryption Algorithms
KeePassX uses two of the most secure encryption algorithms available today: AES and the Two Fish algorithm.
AES is a symmetric-key cipher, meaning the same key is used for the encryption and decryption of the data. It is a block cipher, with block size fixed at 128 bits (i.e., it operates on chunks of 128 bits of data). The key size used for an AES cipher can be 128, 192, or 256 bits. Check out AES encryption process with the flash animation available online [2].
Two Fish algorithm was one of the five finalists during the AES selection process. Although Two Fish was not selected because of performance concerns, it offers similar or even better security than the Rijndael algorithm that was eventually chosen for AES. Two Fish is also a symmetric key algorithm, with block size of 128 bits and key size ranges from 128 to 256 bits. The Two Fish algorithm is not patented, and the implementation is available for download [3].
Infos
- KeePassX homepage: http://www.keepassx.org/
- AES encryption video: http://www.formaestudio.com/rijndaelinspector/archivos/Rijndael_Animation_v4_eng.swf
- Two Fish encryption: https://www.schneier.com/twofish.html
- ownCloud homepage: http://owncloud.org/
- Installing ownCloud https://owncloud.org/install/
- ownCloud user manual: http://doc.owncloud.org/server/8.0/user_manual/
« Previous 1 2
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
ESET Discovers New Linux Malware
WolfsBane is an all-in-one malware that has hit the Linux operating system and includes a dropper, a launcher, and a backdoor.
-
New Linux Kernel Patch Allows Forcing a CPU Mitigation
Even when CPU mitigations can consume precious CPU cycles, it might not be a bad idea to allow users to enable them, even if your machine isn't vulnerable.
-
Red Hat Enterprise Linux 9.5 Released
Notify your friends, loved ones, and colleagues that the latest version of RHEL is available with plenty of enhancements.
-
Linux Sees Massive Performance Increase from a Single Line of Code
With one line of code, Intel was able to increase the performance of the Linux kernel by 4,000 percent.
-
Fedora KDE Approved as an Official Spin
If you prefer the Plasma desktop environment and the Fedora distribution, you're in luck because there's now an official spin that is listed on the same level as the Fedora Workstation edition.
-
New Steam Client Ups the Ante for Linux
The latest release from Steam has some pretty cool tricks up its sleeve.
-
Gnome OS Transitioning Toward a General-Purpose Distro
If you're looking for the perfectly vanilla take on the Gnome desktop, Gnome OS might be for you.
-
Fedora 41 Released with New Features
If you're a Fedora fan or just looking for a Linux distribution to help you migrate from Windows, Fedora 41 might be just the ticket.
-
AlmaLinux OS Kitten 10 Gives Power Users a Sneak Preview
If you're looking to kick the tires of AlmaLinux's upstream version, the developers have a purrfect solution.
-
Gnome 47.1 Released with a Few Fixes
The latest release of the Gnome desktop is all about fixing a few nagging issues and not about bringing new features into the mix.