KeePass 2.35 password manager released

KeePass 2.35 has just been released; the latest version of the popular desktop password manager for Windows ships with a new file format and Argon2 support among other things.

KeePass is my password manager of choice, and at least some regulars here on Ghacks are using it as well instead of other password managers.

What I like in particular about it is that it is a local password manager that you can extend if you want to. There are plugins to integrate better in browsers, to sync between devices, and for a lot of other things that some users may like but others don't require.

KeePass was audited recently as well -- version 1.x only however -- and nothing critical in terms of vulnerabilities were found in the password manager.

KeePass 2.35

keepass 2.35

While you can run an update check in the program itself -- it will check for updates automatically as well -- you will have to download the latest version of KeePass from the official project site as automatic updates are not supported.

Just head over to the downloads page on the KeePass website to download the latest version. The software is as usually offered as an installer and a portable version.

Installation should not pose any issues at all, nothing seems to have changed in the installer. Your old password database files will load just fine in the latest version of KeePass, so nothing changed in this regard as well.



Changes in KeePass 2.35

KeePass 2.35 ships with a new file format, KDBX 4, which offers improvements over previous versions and new capabilities. We talked about the benefits in a previous article already, so only the basics this time.

KDBX 4 supports ARgon2 key derivation. The function won the password hashing competition recently. The main advantage of it over the function used previously is that it offers better resistance against GPU/ASIC attacks.

keepass argon2

KeePass users can choose between AES-KDF (the default used in KeePass 2.34 and earlier) and Argon2 in the database settings:

  1. Select File > Database Settings.
  2. Switch to Security.
  3. Select one of the support key derivation functions under Key transformation.
Read also:  Maxon Cinebench: benchmark software with comparison

Other improves in the new KeePass 2.35 include:

  • Header and data authentication has improved.
  • KeePass header is extensible by plugins (KDBX 4 only).
  • Added ChaCha20 encryption algorithm. Used for password generation now.
  • Support for opening items in Firefox's and Opera's private browsing mode. Also, URL override suggestions, and built-in global URL overrides for the private browsing modes of the two browsers.

keepass open

  • Option to show entries that are about to expire, and change the value of expire:soon from the default 7 days.
  • Remember key sources will also remember if a master password has been used.
  • Added force change master password option to File > Database Settings > Advanced.

keepass master key

  • Support for various new password format imports.
  • Plugins can store custom data in groups and entries.
  • Plugin data can now be inspected in the database maintenance dialog. You may also delete it there.
  • Improved auto-type support. Global auto-types works with empty window titles now.
  • The MSI file does not require a specific Microsoft .NET Framework version anymore.

You can access the full list of changes of KeePass 2.35 on the official website.

Closing Words

KeePass 2.35 improves the password manager in several meaningful ways. The new database file format supports new features and a new key derivation function. There is also a new encryption algorithm, and plugins are bound to become more powerful with the extra features they can now utilize.

The upgrade to KeePass 2.35 from previous versions worked fine on two test systems I ran the upgrade on. Everything worked just like before after the upgrade completed.

Now You: Which password manager do you use, and why?

Summary
Author Rating
4 based on 8 votes
Software Name
KeePass 2.35
Operating System
Windows
Software Category
Security
Landing Page

Please share this article

Facebooktwittergoogle_plusredditlinkedinmail



Responses to KeePass 2.35 password manager released

  1. Alan January 9, 2017 at 5:57 pm #

    KeePass is the perfect password manager.

  2. CHEF-KOCH January 9, 2017 at 6:07 pm #

    Agreed. ^^

  3. John January 9, 2017 at 7:42 pm #

    Hello Martin.

    Any plugins you can recommend?

    • Martin Brinkmann January 9, 2017 at 7:46 pm #

      John, I don't use any. I prefer to do everything manually.

  4. Tom Hawack January 9, 2017 at 9:26 pm #

    I've been using 'AnyPassword Pro' version: 1.07, released March 5, 2011, not updated since ... because I've got used to it. Certainly not the same aura as KeePass, not tweakable but for my needs quite enough. I tried KeePass once but found it too feature rich considering my environment. I guess concerning security itself KeePass is more advanced but the idea is that I wouldn't install an armour-plated door if the indoor values don't require it. Make as simple as possible. The "possible" is subjective when my subjectivity is far tougher when it comes to an OS, a browser.

  5. User001 January 9, 2017 at 9:45 pm #

    Database Encryption:
    Advanced Encryption Standard (AES / Rijndael) 256 bits NIST FIPS 197
    ChaCha20 256 bits RFC 7539

    Anyone which one is better?

    • Dan January 9, 2017 at 11:56 pm #

      AES is still my preferred cipher. It continues to defy sustained cryptanalysis for almost twenty years. It has also won a block-cipher competition. ChaCha20 is a stream cipher that, while it looks secure, has not had the sustained scrutiny and cryptanalysis as AES. It may be good, or it may have an undiscovered flaw. Be conservative, choose AES.

  6. Dan January 10, 2017 at 12:26 am #

    Question. If I upgrade to this version and later edited my database, will it force upgrade my database to the latest format? I don't want to upgrade the database format yet until I am assured that my Linux app (KeepassX) and Android app (Keepass2Android) can also open the new format. (I sync my database through various devices via Spideroak.)

    • kbttsovlaj January 10, 2017 at 10:52 am #

      http://keepass.info/help/kb/kdbx_4.html#intro

      Migration Phase. As not all major KeePass ports have finished adding support for KDBX 4 yet, for now KeePass 2.35 saves databases in this new format only when at least one of the following conditions is fulfilled:

      AES-KDF is not selected as key derivation function (KDBX 3.1 only supports AES-KDF; any other key derivation function, like for instance Argon2, requires KDBX 4).
      A plugin requests to store custom header data in the KDBX file.
      A plugin requests to store custom data in an entry or a group.

      As soon as all major KeePass ports support KDBX 4, KeePass will always save in this format.

  7. hahaha January 10, 2017 at 7:27 am #

    Does this new version break the KeeFox addon (firefox)? Thx.

    • yanitch January 11, 2017 at 12:06 pm #

      No, it works just fine

  8. Sean January 10, 2017 at 3:57 pm #

    I've always been using Lastpass so far. I like a feature that I don't have to recall the passwords, Lastpass always brings the password(s) for me. Is this feature available at Keypass?

  9. multi-pass January 11, 2017 at 12:00 am #

    What would be great is a multi-password db: one password opens one side of the db (dummy), while another opens another (the real one)...

  10. arnauld January 11, 2017 at 9:48 am #

    and how can I upgrade in Ubuntu ? thks

  11. Anonymous January 11, 2017 at 9:52 am #

    My password manager, but I don't like their choice to use sourceforge.net for the download.

Leave a Reply