Secure your passwords and personal data with KeePassX
AutoType
Autofill is the forte of web browsers. Almost all mainstream browsers now offer to store the user ID and password. However, with information theft on the rise, many users want to avoid saving login details to browsers. KeePassX offers an autotype feature that lets you easily fill the login details for a website. This feature is currently available only in the Linux version of KeePassX.
To use the autotype feature, first open the login page (e.g., your email login page); then, open KeePassX and go to the entry corresponding to this email account. Right-click the entry and click Perform AutoType (Figure 6). Login details are automatically fed to the login page – without the browser getting to know a thing! To configure the AutoType process, click on the Tools button on the bottom left corner of a New Entry dialog (refer to Figure 4).
AutoType is a great feature, but it is available on Linux only. Other users can still copy and paste passwords and user IDs from the KeePassX window, just as you can. Data copied onto the clipboard is automatically wiped off in a few seconds. (You can configure the time the data will remain on the clipboard before it is cleared.)
The KeePassX window has separate buttons to copy the user ID (user icon) and password (key icon). (The second and third buttons from right on the top menubar.) If you want to change the duration after which the clipboard is cleared, go to Extras | Settings | Security and change the number of seconds.
Locking the Workspace
You are away from your desk for a few seconds, but you leave the screen unlocked. Those few seconds are all it takes for a social engineer to get the data. The effect of such an attack is more severe if the attacker gets access to your KeePassX window.
KeePassX allows you to lock your workspace with a single click by just clicking the rightmost icon on the top menubar (the padlock). To set the idle time before KeePassX automatically locks itself, go to Extras | Settings | Security. You can also set the option to lock KeePassX if you just minimize the window.
Using ownCloud
You can save the KeePassX database file anywhere, move it, or even email it as an attachment. This freedom opens a lot of new avenues for innovative use cases – the most obvious being a multiple-system environment.
Users today don't have just one device: A single user often has a personal laptop, the office laptop, a tablet, and a mobile phone – or sometimes more than one. Although KeePassX is a desktop application (there is no way to access it via another device), you can use the KeePassX database file to make the passwords available across platforms. Any file-sharing application, such as iCloud, Google Drive, or Dropbox, can help you transfer the KeePassX database file to other systems.
Why not do this the open source way? The free ownCloud tool is a great way to set up your own file-sharing cloud. You can set up a private installation of ownCloud to make the KeePassX database available on all your devices: You don't need a third-party server. Install ownCloud on your home PC and access it via the LAN/WiFi from other devices.
After downloading ownCloud from the website [4], installation is very easy. (See the installation instructions online [5] or refer to the user manual for more on operating ownCloud [6].) You just need a web server running on your computer. You can then drop the ownCloud folder to the web server's root directory. Access the folder via your browser and set up the admin user, and you are ready to roll.
After you log in successfully, you can add another layer of security by enabling ownCloud encryption. To do so, click on the drop-down menu on the far right and go to the Apps page. Scroll down to select the Encryption plugin, enable it, log out, and log in again to generate the encryption keys. Upload the KeePassX file to ownCloud.
To make sure your ownCloud is available throughout your local network; you need to edit the config.php
file in the owncloud/config
folder. Open the file, go to the trusted_domains
section, and add the IP address of the system hosting ownCloud. Now you can access your ownCloud from other network devices. If you log in from another device, you will see that the KeePassX file is available on your LAN (Figure 7). Install KeePassX on your mobile device, and open the database file (Figure 8). All your passwords are now available on your mobile devices.
Since the network you are using is your home network, and it is possible you will make changes to the KeePassX file when you are not on the home network, be sure the file is synced before you use it on other devices, or you might end up with several version of the same file.
Encryption Algorithms
KeePassX uses two of the most secure encryption algorithms available today: AES and the Two Fish algorithm.
AES is a symmetric-key cipher, meaning the same key is used for the encryption and decryption of the data. It is a block cipher, with block size fixed at 128 bits (i.e., it operates on chunks of 128 bits of data). The key size used for an AES cipher can be 128, 192, or 256 bits. Check out AES encryption process with the flash animation available online [2].
Two Fish algorithm was one of the five finalists during the AES selection process. Although Two Fish was not selected because of performance concerns, it offers similar or even better security than the Rijndael algorithm that was eventually chosen for AES. Two Fish is also a symmetric key algorithm, with block size of 128 bits and key size ranges from 128 to 256 bits. The Two Fish algorithm is not patented, and the implementation is available for download [3].
Infos
- KeePassX homepage: http://www.keepassx.org/
- AES encryption video: http://www.formaestudio.com/rijndaelinspector/archivos/Rijndael_Animation_v4_eng.swf
- Two Fish encryption: https://www.schneier.com/twofish.html
- ownCloud homepage: http://owncloud.org/
- Installing ownCloud https://owncloud.org/install/
- ownCloud user manual: http://doc.owncloud.org/server/8.0/user_manual/
« Previous 1 2
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
Linux Servers Targeted by Akira Ransomware
A group of bad actors who have already extorted $42 million have their sights set on the Linux platform.
-
TUXEDO Computers Unveils Linux Laptop Featuring AMD Ryzen CPU
This latest release is the first laptop to include the new CPU from Ryzen and Linux preinstalled.
-
XZ Gets the All-Clear
The back door xz vulnerability has been officially reverted for Fedora 40 and versions 38 and 39 were never affected.
-
Canonical Collaborates with Qualcomm on New Venture
This new joint effort is geared toward bringing Ubuntu and Ubuntu Core to Qualcomm-powered devices.
-
Kodi 21.0 Open-Source Entertainment Hub Released
After a year of development, the award-winning Kodi cross-platform, media center software is now available with many new additions and improvements.
-
Linux Usage Increases in Two Key Areas
If market share is your thing, you'll be happy to know that Linux is on the rise in two areas that, if they keep climbing, could have serious meaning for Linux's future.
-
Vulnerability Discovered in xz Libraries
An urgent alert for Fedora 40 has been posted and users should pay attention.
-
Canonical Bumps LTS Support to 12 years
If you're worried that your Ubuntu LTS release won't be supported long enough to last, Canonical has a surprise for you in the form of 12 years of security coverage.
-
Fedora 40 Beta Released Soon
With the official release of Fedora 40 coming in April, it's almost time to download the beta and see what's new.
-
New Pentesting Distribution to Compete with Kali Linux
SnoopGod is now available for your testing needs