KeePass Sync

Tell us what features would make LastPass even better and vote for features that are most important to you

Moderators: admin, anatoly_LP, chantie, robyn, JoeSiegrist

KeePass Sync

Postby dobesv » Sun Jan 18, 2009 5:08 am

KeePass has a very nice user interface and fills in my passwords quite easily in any application. LastPass works well for the browsers and syncs and backs up to an online service.

It would be great to have a KeePass plugin that syncs data to/from LastPass as a way to back up the data and make the browser-based form-filling easier (for the browsers supported by LastPass).
dobesv
 
Posts: 2
Joined: Sun Jan 18, 2009 5:04 am

Re: KeePass Sync

Postby sameer » Sat Jan 24, 2009 12:12 am

We provide a KeePass importer along with a de-deplication tool.
Past that - truth be told - since we'd like you to be using LastPass instead of KeePass, I doubt we'll be developing this.

Is this just a UI thing, or is there a specific feature-set that KeePass provides that you find missing in LastPass?
If there's something that provides value that is missing, we'd like to add it.
If you're simply looking for an native desktop application where you can view your information, you could
try LastPass Pocket available from the download page.

Thanks.
sameer
Site Admin
 
Posts: 264
Joined: Tue Aug 19, 2008 9:43 pm
Location: Toronto, Canada

Re: KeePass Sync

Postby knightnet » Fri Jan 30, 2009 7:52 am

sameer wrote:Is this just a UI thing, or is there a specific feature-set that KeePass provides that you find missing in LastPass?
If there's something that provides value that is missing, we'd like to add it.
If you're simply looking for an native desktop application where you can view your information, you could
try LastPass Pocket available from the download page.

Thanks.


Perhaps I can add to this debate.

I use KeePass because:
- It is cross platform (Windows, Linux, Mac and Windows Mobile)
Currently LastPass only covers some of these platforms - in particular it doesn't yet have full support for Windows Mobile

- It is browser and application agnostic (not tied to a specific browser/s)
LastPass is tied to a subset browsers. The bookmarklets help extend this slightly though I am concerned (actually VERY concerned) about the security of these and I would like to see some "official" documentation demonstrating the security of the bookmarklets.
Even with the bookmarklets, LastPass has nowhere near the features of KeePass for none-browser based applications - and I'm not sure you would ever want to have that. The strength of LastPass IS its browser integration, that's why I use it as well as KeePass - it is more convenient for those majority of web site log-ins that don't require high levels of security.

- It's security model is PROVEN
This is a real "biggie". Until there has been an audit of LastPass features and code by security experts that are known and trusted, there has to remain some question regarding it's security. That is why I don't use LastPass to store financial details and logins.
To make things harder, the local file storage of KeePass means that it is a much simpler security model. LastPass has to cover a whole raft of additional worries such as the robustness of JavaScript, the browsers, the network/Internet and so on so I'm afraid there is a lot of work to do here and it really needs doing.
I know this has been mentioned before and that it would cost real money to do. How about starting a fund specifically to start the process of verification of LastPass security? I know that many people (myself included) would be prepared to contribute something to a fund that would be used for this.

- The secure data is MINE
This is simple model. It may not actually be more secure but the decisions are all mine and the data is local.
Of course, LastPass will export it's data to XML so that is excellent. I keep a copy of the exported file in a TrueCrypt container. I could also keep it as an attached file in KeePass :)

- The database format is open and supported by several applications
LastPass is getting there and as more people use it, it will get better support I'm sure. It has come a long way in a short time and is beginning to get the exposure it rightly deserves. This point is therefore not really against LastPass, just a comment.

Does that give a flavour as to why people might want to use KeePass?

Please don't take the above as critisism - it's not. I like LastPass and think that it is a great tool & I will continue to use it, indeed it gets far more use than KeePass since I am having to log-in to many web sites each day. I also look forward to seeing how it gets developed in the near future.
knightnet
 
Posts: 44
Joined: Wed Oct 01, 2008 11:29 am
Location: Sheffield, UK

Re: KeePass Sync

Postby sameer » Tue Feb 10, 2009 4:42 pm

Thanks for the response knightnet,

Currently LastPass only covers some of these platforms - in particular it doesn't yet have full support for Windows Mobile

You can use the LastPass bookmarklet on Windows Mobile with OperaMini....as well as a host of other browsers that you might not
be able to use with other password managers (eg:Chrome).

LastPass is tied to a subset browsers

This is true, but we try to work with as many browsers as possible.
We didn't want to become just another desktop password manager - we want to make things easier for users.

I am concerned (actually VERY concerned) about the security of these and I would like to see some "official" documentation demonstrating the security of the bookmarklets.

We'll update our FAQ to address this.

How about starting a fund specifically to start the process of verification of LastPass security?

3rd party verification is in our plans. Doing it while we're still in beta, with frequent releases, doesn't make sense.
Having said this, each time you update any software on your computer, do you seek out developers who have verified
each and every line of the code? Do you know these developers personally and know their relationship with the company
promoting the software? My point is that it no matter the level of verification, it always comes down to an issue of trust.

The secure data is MINE

The database format is open and supported by several applications

We have gone out of our way to avoid gaining access to any of your data.
We have also gone out of our way to make sure you can export your data anytime, from anywhere - and even reimport it into FF.
We allow you to export your data in CSV format from the plugin, from the website, and from a standalone crossplatform desktop application.
We hope to come out with a version that supports local-only, or, the ability to let you choose what data you want encrypted and sent.

I completely realize why you and others might want to run KeePass.
I don't mean to attack KeePass or any other password managers.
Many of them, includign KeePass, are very good.
It satisfies a need just like LP does...

LP is evolving rapidly...largely based on community feedback.
You have some valid concerns - some of which can be addressed...and we're working hard to address them and make LP even better.

Thanks.
sameer
Site Admin
 
Posts: 264
Joined: Tue Aug 19, 2008 9:43 pm
Location: Toronto, Canada

Re: KeePass Sync

Postby knightnet » Wed Feb 11, 2009 7:58 am

sameer wrote:Thanks for the response knightnet,

Currently LastPass only covers some of these platforms - in particular it doesn't yet have full support for Windows Mobile

You can use the LastPass bookmarklet on Windows Mobile with OperaMini....as well as a host of other browsers that you might not
be able to use with other password managers (eg:Chrome).

Yep, that's good :D
However, my main concern is that these browsers and many of their platforms (e.g. Windows Mobile) have effectively NO SECURITY of their own. That means that any of the sites and passwords stored in the bookmarklet are open to theft if someone gets access to the device (much more likely with a mobile phone of course). So it is essential that users and potential users are warned clearly of this limitation.
sameer wrote:
LastPass is tied to a subset browsers

This is true, but we try to work with as many browsers as possible.
We didn't want to become just another desktop password manager - we want to make things easier for users.

Yep, and I appreciate that certainly. It's good to see someone taking a different view.
sameer wrote:
I am concerned (actually VERY concerned) about the security of these and I would like to see some "official" documentation demonstrating the security of the bookmarklets.

We'll update our FAQ to address this.

How about starting a fund specifically to start the process of verification of LastPass security?

3rd party verification is in our plans. Doing it while we're still in beta, with frequent releases, doesn't make sense.
Having said this, each time you update any software on your computer, do you seek out developers who have verified
each and every line of the code? Do you know these developers personally and know their relationship with the company
promoting the software? My point is that it no matter the level of verification, it always comes down to an issue of trust.


This is good to know & I appreciate that it's a matter of timing - it's not a criticism particularly, just a reminder - maybe another FAQ entry for clarity?
sameer wrote:

The secure data is MINE

The database format is open and supported by several applications

We have gone out of our way to avoid gaining access to any of your data.
We have also gone out of our way to make sure you can export your data anytime, from anywhere - and even reimport it into FF.
We allow you to export your data in CSV format from the plugin, from the website, and from a standalone crossplatform desktop application.
We hope to come out with a version that supports local-only, or, the ability to let you choose what data you want encrypted and sent.

OK, I know that you've tried to ensure that you don't see the data, but how about me? It's not really a question of exporting - actually you are already doing well with imports and exports, no problem there.
sameer wrote:
I completely realize why you and others might want to run KeePass.
I don't mean to attack KeePass or any other password managers.
Many of them, includign KeePass, are very good.
It satisfies a need just like LP does...


Absolutely! And, as I've said, I'm not attacking LP at all. After all, I am using it on two computers (soon to be three) across three browsers (soon to be 5!) - just not for my really secure logins - just yet. ;)
sameer wrote:
LP is evolving rapidly...largely based on community feedback.
You have some valid concerns - some of which can be addressed...and we're working hard to address them and make LP even better.

Thanks.


That's all I really wanted to know!
I think that LP is going in the right direction and I've been pleased with progress so far, I look forward to future developments.
knightnet
 
Posts: 44
Joined: Wed Oct 01, 2008 11:29 am
Location: Sheffield, UK

Re: KeePass Sync

Postby sameer » Wed Feb 11, 2009 12:04 pm

Hi Julian,

We recently added an FAQ entry on how the bookmarklet works: https://lastpass.com/faq.php#bookmarklet
We also recently added an account setting letting you specify a "Bookmarklet auto-logout timeout".

Also, an FAQ entry on 3rd party verifidation was added - it will show up tomorrow as we plan on releasing tonight.

Again, thanks for the feedback and the discussion.
Trust me when I say that your words are appreciated and your ideas have been given serious thought.
This is the way LP really gets better - by having suggestions from users who really care about the product and want to make it even better.
sameer
Site Admin
 
Posts: 264
Joined: Tue Aug 19, 2008 9:43 pm
Location: Toronto, Canada

Re: KeePass Sync

Postby knightnet » Wed Feb 11, 2009 1:15 pm

Great, thanks for listening.
knightnet
 
Posts: 44
Joined: Wed Oct 01, 2008 11:29 am
Location: Sheffield, UK

Re: KeePass Sync

Postby xerloq » Tue May 26, 2009 4:14 pm

I'd like to see a KeePass <=> LastPass sync option as well. I use LastPass at home and abroad, but cannot use it at work for security reasons. I can use KeePass, however. If I could sync my passwords both ways at home, I'd have all my passwords available everywhere. Currently I have to enter passwords I create/update at home manually into KeePass. Because of the volume of passwords I have, I don't want to continue doing both. Without this feature, I'll most likely move solely to KeePass.
xerloq
 
Posts: 4
Joined: Mon Mar 09, 2009 4:24 pm

Re: KeePass Sync

Postby JoeSiegrist » Tue May 26, 2009 5:16 pm

xerloq wrote:I'd like to see a KeePass <=> LastPass sync option as well. I use LastPass at home and abroad, but cannot use it at work for security reasons. I can use KeePass, however. If I could sync my passwords both ways at home, I'd have all my passwords available everywhere. Currently I have to enter passwords I create/update at home manually into KeePass. Because of the volume of passwords I have, I don't want to continue doing both. Without this feature, I'll most likely move solely to KeePass.


How is the Firefox portable version or LastPass pocket different than keypass? Why would keypass get a pass at your work and our products not get the same treatment? Both will l work without a network connection to LastPass.
JoeSiegrist
 
Posts: 4144
Joined: Wed Aug 20, 2008 10:40 am

Re: KeePass Sync

Postby nazariuskappertaal » Tue Jan 19, 2010 4:52 am

I've made a simple python script that allows you to convert the LastPass export format (just save the export as a text file in the same directory as the script) to the KeePass XML import format.

It can be found here: http://github.com/nazariuskappertaal/lastpass2keepass

Usage: python lastpass2keepass lastpassexport keepass.xml

To sync with LastPass:

Import your current KeePass database to LastPass - as they de-duplicate for you.
Pull an export.
Convert it with lastpass2keepass.
Import the .xml -> and bang your synced.

NOTE: It now supports groups - icons are lost however, as LastPass does not retain them.
nazariuskappertaal
 
Posts: 1
Joined: Tue Jan 19, 2010 1:22 am

Next

Return to Feature Requests

Who is online

Users browsing this forum: Google [Bot] and 5 guests