KeePass and KeePassX Cross-platform Password Management

The sheer number of passwords one has to maintain is inversely proportional to the excitement of creating new accounts that require them. The usual ways of coping are:

  • Use a base passphrase and tailor it according to the site being logged into.
  • Simply reuse the same password – a practice that is highly discouraged and should be stopped.
  • Use a password manager to generate and maintain strong passwords.

There is a compelling case for the third option: it removes the major burden of the first two and leaves, in their place, just a single password to maintain. What makes a good password manager is left to one’s preference. Having said that, the features I consider relevant are the following:

  • Has cross-platform support: Linux, Mac OS X, and Windows.
  • Does not require installation, so that it can be carried around on a USB flash drive along with the password database and can run in non-admin mode.
  • Strong database encryption.
  • Preferably an open-source application.

These four points are covered by KeePass (Windows) in combination with its fork KeePassX (Linux and Mac OS X). I am using both to at least demonstrate the cross-platform point, as KeePassX is a fork. The database compatibility between the two applications, though, is between KeePass 1.xx and KeePassX 0.4.x, therefore I stick with those releases.
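As an added example (not from the original post or from the KeePass/KeePassX projects), the following Python code reads a database file's header to tell a KeePass 1.x .kdb file, the format shared with KeePassX 0.4.x, from a KeePass 2.x .kdbx file before it is carried to another platform. The signature and flag constants are the published KeePass format values; the function name, result keys and sample headers are constructed for illustration.

```python
import struct

# Published KeePass file signatures (little-endian 32-bit words at offsets 0, 4).
SIG1 = 0x9AA2D903
SIG2_KDB = 0xB54BFB65    # KeePass 1.x .kdb, the format KeePassX 0.4.x also uses
SIG2_KDBX = 0xB54BFB67   # KeePass 2.x .kdbx
KDB_HEADER = struct.Struct("<IIII16s16sII32s32sI")   # 124-byte 1.x header
CIPHER_FLAGS = {2: "AES", 8: "Twofish"}              # cipher bits in the flags word


def inspect_database(data: bytes) -> dict:
    """Classify a KeePass database from its header bytes; nothing is decrypted."""
    if len(data) < 8:
        raise ValueError("too short to hold a KeePass signature")
    sig1, sig2 = struct.unpack_from("<II", data)
    if sig1 != SIG1:
        raise ValueError("not a KeePass database")
    if sig2 == SIG2_KDBX:
        return {"format": "KeePass 2.x (.kdbx)", "keepassx_0_4_compatible": False}
    if sig2 != SIG2_KDB:
        raise ValueError(f"unrecognised KeePass signature 0x{sig2:08X}")
    if len(data) < KDB_HEADER.size:
        raise ValueError("truncated KeePass 1.x header")
    (_, _, flags, version, _seed, _iv, groups, entries,
     _content_hash, _transform_seed, key_rounds) = KDB_HEADER.unpack_from(data)
    cipher = next((name for bit, name in CIPHER_FLAGS.items() if flags & bit),
                  "unknown")
    return {
        "format": "KeePass 1.x (.kdb)",
        "keepassx_0_4_compatible": True,
        "version": f"0x{version:08X}",
        "cipher": cipher,
        "groups": groups,
        "entries": entries,
        "key_rounds": key_rounds,   # key-transformation rounds (brute-force cost)
    }


# Constructed sample headers (not taken from a real database).
SAMPLE_KDB = KDB_HEADER.pack(SIG1, SIG2_KDB, 0x3, 0x00030002, bytes(16), bytes(16),
                             2, 5, bytes(32), bytes(32), 50000)
SAMPLE_KDBX = struct.pack("<II", SIG1, SIG2_KDBX)

if __name__ == "__main__":
    print(inspect_database(SAMPLE_KDB))
    print(inspect_database(SAMPLE_KDBX))
```

For a real file, pass the first 124 bytes, for example `open(path, "rb").read(124)`; the header is stored unencrypted, so no master password is needed for this check.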

Installing on Windows

KeePass has a different installer for Portable Mode and it came with a zip file. All it needed was to unzip it to a directory on the USB flash drive.

Installing on Linux

KeePassX does not have a compiled binary for Fedora, so it has to be built from source. I used my recently configured Fedora 14 as the build box. Fig. 1 shows the mounted USB flash drive where it would eventually be installed.

Fig. 1: KeePassX Installation Location

There were a few things that needed resolving along the way, as the Linux box was practically devoid of the relevant development toolchain. The following items were encountered during the build process:

  • The INSTALL readme file requires qmake-qt4.
  • qmake-qt4 PREFIX is an option to install directly to a preferred directory. For this I used qmake-qt4 PREFIX=/media/<usb_flash_drive>, as seen in Fig. 1.
  • The build requires g++.
  • During the build process, a missing X header file error occurred. Electing not to pick out the precise X development packages, I just did sudo yum groupinstall "X Software Development". That should install everything X but the kitchen sink.

I did a make and make install afterwards. This installs the binary in the directory specified by PREFIX.

Installing on Mac OS X

Installing on Mac is a drag-n-drop operation. Fig. 2 shows the installation from the KeePassX-0.4.3.dmg installer to the USB flash drive, whose volume is mounted as NO NAME. Note that the volume already shows three installations: Linux, Mac OS X, and Windows.

Fig. 2: KeePassX Installation on Mac OS X

The User Interface

Fig. 3 shows the built KeePassX binary on Linux.

Fig. 3: KeePassX Running on Linux

Fig. 4 shows Mac OS X KeePassX:

Fig. 4: KeePassX Running on Mac OS X

Fig. 5 shows Windows KeePass:

Fig. 5: KeePass Running on Windows

The password generator is itself a nice utility that can be accessed directly from the menu. This is handy for generating a quick password without intending to save it to the database. Fig. 6 shows the password generator utility.

Fig. 6: KeePassX Password Generator Utility

The Final (Pass)word

I use three kinds of platforms on a daily basis: Linux, Mac OS, and Windows, and I use all of them to access different sites. Having KeePass/KeePassX (on my USB flash drive) eliminated the need for mental gymnastics remembering my passwords for each site. I only have to remember the one password to open my KeePass/KeePassX key database. I have to add, though, that before transitioning to KeePass, it took me a while to memorise the single password I planned to use on it. I only committed to using KeePass when I was absolutely sure I was able to remember the password to it. After becoming comfortable with the password, I changed all relevant login passwords to ones generated from KeePass and have never looked back since.

Multi-platform USB Flash Drive Security with TrueCrypt

Just thinking of losing a flash drive full of data is enough to make me feel apprehensive, which is mostly why I do not carry a USB flash drive for fear of losing it. That was the case until I learned about truecrypt. truecrypt provides on-the-fly encryption/decryption (OTFE/OTFD) with multi-platform support.

If I have been able to go on without carrying a flash drive, why – on account of learning about truecrypt – start now? It turns out I have suddenly found good reasons for doing it; never mind that others may find my rationalisation a mere excuse. Here are three of my reasons:

  • I need to carry data in a secure manner.
  • I use multiple platforms: Linux, Mac, and Windows PC. Windows machines are on a separate network. Movement of data between networks is severely limited and a USB flash drive is the best way for transport.
  • It is open-source software according to its licensing terms, and is likely free of hidden backdoor code.

A note about Portable Mode or Usage without Admin Privilege

Truecrypt provides an encrypted volume (or container) to hold data. In order to access the data in the encrypted volume, it needs to be mounted. This action provides the user with a clever view of plain unencrypted data. Two things happen behind the scenes to make this possible: the mounting of the encrypted volume, and transparent OTFE/OTFD of the data to and from the mounted volume. The OTFE/OTFD requires the driver to be installed on every machine the user wants to use truecrypt on. The installation is of course only possible with admin privilege. Only once the driver is installed can a non-admin user use truecrypt.

It does have a Portable Mode though. What this mode does is to give the user the option of running truecrypt without installing anything. Be aware that it requires admin privilege on the machine to run due to the OTFE/OTFD. The following method is how I would use truecrypt on different platforms:

  • Install via sudo on Linux box and use regular username to run it.
  • Install via admin on Mac and use regular username to run it.
  • Forgo install on Windows PC, and use Portable Mode instead. Run it using runas.

Installers

Installers for Linux, Mac OS, and Windows can be downloaded from the truecrypt website: truecrypt-7.0a-linux-x86.tar.gz (Linux), TrueCrypt 7.0a Mac OS X.dmg (Mac OS), TrueCrypt Setup 7.0a.exe (Windows).

Linux Installation

Fig. 1: Linux install screen

Installing on Linux is straightforward:

  • Extract the installer from the tarball truecrypt-7.0a-linux-x86.tar.gz and run the extracted truecrypt-7.0a-linux-x86.
  • The installation prompts the user with two options, as shown in Fig. 1. Choose (1) to install truecrypt in /usr/bin. This requires sudo.
  • At the end of the license agreement, the user will be asked for the sudo password prior to installation in /usr/bin, as shown in Fig. 2.

Fig. 2: TrueCrypt Linux Install sudo prompt

After the quick installation, truecrypt can then be run from the shell. The GUI is shown in Fig. 3.

Fig. 3: TrueCrypt running on Linux

Mac Installation

Installing on Mac is just as straightforward:

  • Open TrueCrypt 7.0a Mac OS X.dmg
  • Run the installer TrueCrypt 7.0a Mac OS X. After a series of screens, it prompts the user for an admin username/password, as shown in Fig. 4. The software will then be installed in /Applications.

Fig. 4: Mac Install

From the /Applications folder, run truecrypt. Fig. 5 shows the Mac version of the software.

Fig. 5: TrueCrypt running on Mac

Windows Installation

For Windows PCs, I opt for Portable Mode. The installation is, again, a very straightforward affair:

  • Run TrueCrypt Setup 7.0a.exe. The installer displays the options shown in Fig. 6.
  • Choose Extract and provide the installer with the preferred directory.
  • Choose a directory to which the standard user has read/write access.

Fig. 6: TrueCrypt Portable Mode Installation

Since it is in Portable Mode, the software can only be run with admin privilege. From a DOS prompt, I run it similar to the following:

runas /user:some-admin-user Drive:\ProgFiles\TrueCrypt

Fig. 7 shows the Windows version of the software.

Fig. 7: TrueCrypt Running in Windows

Conclusion

truecrypt has been a very useful tool for my purpose, and I would continue using it for a very long time. Though if others carrying the software on a USB stick expect it to run on any machine, e.g. public terminals, they will be disappointed. It simply cannot run unless an admin has installed the driver beforehand or, in Portable Mode, the user has admin privilege to run it.