Password managers have become something of a religion, which is a very good sign in theory. People getting passionate about protecting their stored secrets sounds like a win for infosec management. On the other hand, discussions may get heated about an exact password manager one should worship. Imagine office rules soon may be updated to say it is inappropriate to discuss politics, sports and password databases.
Of course for those who see all the religions as roughly equivalent in spirit, none of them being perfect and all having some virtues, they may seek easy conversion paths to embrace options. Come along and don your pope robe, grab a yarmulke, put on your tilak, etc. and covert your belief secret tomes by sliding easily between password databases.
Wait for it…safe implementation.
It seems fair to require that a password manager that asks users to authenticate themselves with a password, at least provides secrecy and data authenticity. This is currently only achieved by a single password database format, namely PasswordSafe v3. As a general rule, a password manager should be explicit about the security offered by the underlying database format.
Thus in 2015 one might rightly be expected to worship the psafe3 scriptures as holier than thou. Now that we are in 2018, however, others have rightly pointed out that PasswordSafe and the cross-platform version PasswordGorilla have seen few updates. As other password managers are iterating more rapidly, the believers wonder when will PasswordGorilla 1.6 drop and can their faith last until such prophecy comes true?
KeePass in particular has been developing a large following, and I’ve been told there’s an entire plugin movement devoted to the art of bringing other faiths under their big tent. This makes it one of the better examples for those looking into multi-platform solutions with flexible options. Apparently the conversion steps are simple.
Prerequisite: This conversion presumes you have a psafe3 file on a running Windows system, such as PasswordSafe installed on a virtual machine easily downloaded from Microsoft.
A) Conversion from psafe3 (version 1, 2, or 3) to kdb (version 1)
- Download the old version 1.09 zip file of KeePass (max supported conversion version)
- Download the PwSafeDBImport plugin zip file
- Extract the KeePass 1.09 zipfile to a new directory
- Extract the PwSafeDBImport.dll to the same directory
- Start KeePass.exe
- Select the Tools drop-down and then Plugins
- Right-click on the PwSafeDbImport plugin and choose Enable
- Exit KeePass
- Start KeePass (to load the PwSafeDBImport plugin)
- Click on the New Database icon and set a strong master key (KeePass recommends 96 bits or more)
- Select the File drop-down, then choose Import from and select PwSafe database (option at bottom, do not select psafe2 TXT file)
- Select the psafe3 database you want to import from
- Enter your psafe3 database password
- Review KeePass folders to verify integrity of imported secrets
- Click on the Save icon and set a kdb filename
B) Conversion from kdb (version 1) to kdbx (version 2)
- Start KeePass
- Select Database drop-down and then select Import KeePass 1 Database
- Select kdb file and enter master key
- Click on the Save icon and set a kdbx filename
Can I get an Amen?
In my next post on this topic, we will discuss hosted databases and why nobody expects the cloud inquisition.