KeePass 2.35 password manager released - gHacks Tech News

KeePass 2.35 password manager released

KeePass 2.35 has just been released; the latest version of the popular desktop password manager for Windows ships with a new file format and Argon2 support among other things.

KeePass is my password manager of choice, and at least some regulars here on Ghacks are using it as well instead of other password managers.

What I like in particular about it is that it is a local password manager that you can extend if you want to. There are plugins to integrate better in browsers, to sync between devices, and for a lot of other things that some users may like but others don't require.

KeePass was audited recently as well -- version 1.x only however -- and nothing critical in terms of vulnerabilities were found in the password manager.

KeePass 2.35

keepass 2.35

While you can run an update check in the program itself -- it will check for updates automatically as well -- you will have to download the latest version of KeePass from the official project site as automatic updates are not supported.

Just head over to the downloads page on the KeePass website to download the latest version. The software is as usually offered as an installer and a portable version.

Installation should not pose any issues at all, nothing seems to have changed in the installer. Your old password database files will load just fine in the latest version of KeePass, so nothing changed in this regard as well.

Changes in KeePass 2.35

KeePass 2.35 ships with a new file format, KDBX 4, which offers improvements over previous versions and new capabilities. We talked about the benefits in a previous article already, so only the basics this time.

KDBX 4 supports ARgon2 key derivation. The function won the password hashing competition recently. The main advantage of it over the function used previously is that it offers better resistance against GPU/ASIC attacks.

keepass argon2

KeePass users can choose between AES-KDF (the default used in KeePass 2.34 and earlier) and Argon2 in the database settings:

  1. Select File > Database Settings.
  2. Switch to Security.
  3. Select one of the support key derivation functions under Key transformation.

Other improves in the new KeePass 2.35 include:

  • Header and data authentication has improved.
  • KeePass header is extensible by plugins (KDBX 4 only).
  • Added ChaCha20 encryption algorithm. Used for password generation now.
  • Support for opening items in Firefox's and Opera's private browsing mode. Also, URL override suggestions, and built-in global URL overrides for the private browsing modes of the two browsers.

keepass open

  • Option to show entries that are about to expire, and change the value of expire:soon from the default 7 days.
  • Remember key sources will also remember if a master password has been used.
  • Added force change master password option to File > Database Settings > Advanced.

keepass master key

  • Support for various new password format imports.
  • Plugins can store custom data in groups and entries.
  • Plugin data can now be inspected in the database maintenance dialog. You may also delete it there.
  • Improved auto-type support. Global auto-types works with empty window titles now.
  • The MSI file does not require a specific Microsoft .NET Framework version anymore.

You can access the full list of changes of KeePass 2.35 on the official website.

Closing Words

KeePass 2.35 improves the password manager in several meaningful ways. The new database file format supports new features and a new key derivation function. There is also a new encryption algorithm, and plugins are bound to become more powerful with the extra features they can now utilize.

The upgrade to KeePass 2.35 from previous versions worked fine on two test systems I ran the upgrade on. Everything worked just like before after the upgrade completed.

Now You: Which password manager do you use, and why?

software image
Author Rating
4 based on 8 votes
Software Name
KeePass 2.35
Operating System
Software Category
Landing Page

  • We need your help

    Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

    We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats (video ads) or subscription fees.

    If you like our content, and would like to help, please consider making a contribution:


    1. Alan said on January 9, 2017 at 5:57 pm

      KeePass is the perfect password manager.

    2. CHEF-KOCH said on January 9, 2017 at 6:07 pm

      Agreed. ^^

    3. John said on January 9, 2017 at 7:42 pm

      Hello Martin.

      Any plugins you can recommend?

      1. Martin Brinkmann said on January 9, 2017 at 7:46 pm

        John, I don’t use any. I prefer to do everything manually.

    4. Tom Hawack said on January 9, 2017 at 9:26 pm

      I’ve been using ‘AnyPassword Pro’ version: 1.07, released March 5, 2011, not updated since … because I’ve got used to it. Certainly not the same aura as KeePass, not tweakable but for my needs quite enough. I tried KeePass once but found it too feature rich considering my environment. I guess concerning security itself KeePass is more advanced but the idea is that I wouldn’t install an armour-plated door if the indoor values don’t require it. Make as simple as possible. The “possible” is subjective when my subjectivity is far tougher when it comes to an OS, a browser.

    5. User001 said on January 9, 2017 at 9:45 pm

      Database Encryption:
      Advanced Encryption Standard (AES / Rijndael) 256 bits NIST FIPS 197
      ChaCha20 256 bits RFC 7539

      Anyone which one is better?

      1. Dan said on January 9, 2017 at 11:56 pm

        AES is still my preferred cipher. It continues to defy sustained cryptanalysis for almost twenty years. It has also won a block-cipher competition. ChaCha20 is a stream cipher that, while it looks secure, has not had the sustained scrutiny and cryptanalysis as AES. It may be good, or it may have an undiscovered flaw. Be conservative, choose AES.

    6. Dan said on January 10, 2017 at 12:26 am

      Question. If I upgrade to this version and later edited my database, will it force upgrade my database to the latest format? I don’t want to upgrade the database format yet until I am assured that my Linux app (KeepassX) and Android app (Keepass2Android) can also open the new format. (I sync my database through various devices via Spideroak.)

      1. kbttsovlaj said on January 10, 2017 at 10:52 am

        Migration Phase. As not all major KeePass ports have finished adding support for KDBX 4 yet, for now KeePass 2.35 saves databases in this new format only when at least one of the following conditions is fulfilled:

        AES-KDF is not selected as key derivation function (KDBX 3.1 only supports AES-KDF; any other key derivation function, like for instance Argon2, requires KDBX 4).
        A plugin requests to store custom header data in the KDBX file.
        A plugin requests to store custom data in an entry or a group.

        As soon as all major KeePass ports support KDBX 4, KeePass will always save in this format.

    7. hahaha said on January 10, 2017 at 7:27 am

      Does this new version break the KeeFox addon (firefox)? Thx.

      1. yanitch said on January 11, 2017 at 12:06 pm

        No, it works just fine

    8. Sean said on January 10, 2017 at 3:57 pm

      I’ve always been using Lastpass so far. I like a feature that I don’t have to recall the passwords, Lastpass always brings the password(s) for me. Is this feature available at Keypass?

      1. George P. Burdell said on January 11, 2017 at 12:17 am

        @ Sean, here is a feature of Lastpass you might want to think about …

        Personally, I like the idea of storing my passwords locally on my own machine, rather than on somebody else’s server somewhere out there.

    9. multi-pass said on January 11, 2017 at 12:00 am

      What would be great is a multi-password db: one password opens one side of the db (dummy), while another opens another (the real one)…

    10. arnauld said on January 11, 2017 at 9:48 am

      and how can I upgrade in Ubuntu ? thks

    11. Anonymous said on January 11, 2017 at 9:52 am

      My password manager, but I don’t like their choice to use for the download.

    Leave a Reply