It’s an advent calendar for tech-savvy people. In the fully commercialized digital world, almost everything is owned by a large internet company. Their software is neither open nor free. As an alternative, there is this small island of the open source world: software whose code is publicly visible and can be independently verified for possible security breaches and backdoors. Software that can be freely used, distributed and improved. Often the motivation for work is simply the joy of providing something useful to the company.

Short portraits of open source projects will be published on heise online from December 1 to 24. These are the functions of the respective software, pitfalls, history, context, and funding. Some projects are supported by an individual, others by a loosely organized community, a tightly managed foundation with full-time employees, or a consortium. The work is completely voluntary, or it is funded through donations, cooperation with internet companies, government funding, or an open source business model. Whether it is a single application or a complex ecosystem, whether it is a PC program, an application or an operating system, the diversity of open source is overwhelming.

December 8: The KeePass password manager

KeePass helps manage passwords. A lean project made in Baden-Württemberg with a large ecosystem. KeePass is a password manager for PC, mainly for Windows. 2020 has become KeePass downloaded approximately 7.3 million times, above all of Germany and the United States. The software is licensed under the GNU GPLv2 license. There are approximately 180 plug-ins and extensions that allow a secure cloud connection, for example.

KeePass focuses on the main functions and is installed and configured with just a few clicks. You create password entries manually, if desired, in different groups. If you don’t have a good password yet, KeePass can create one.

The information can be copied later using a small icon or a right click of the mouse. Web passwords can be filled in automatically if the structure of the login window of the respective website allows this. Access to the KeePass database is protected by a master password.

Lots of forks and sister programs

KeePass is primarily designed for Windows devices. The program can also be used with a workaround on other systems use. The KeePass site lists for very different contexts several dozen forks about, about KeePassXC (for Windows, macOS and Linux), Keepass2Android (for Android) as well as KeePassium (for iOS).

KeePass and the many sister programs are part of the standard canon of digital self-defense. The Federal Office for Information Security (BSI) recommends KeePass, a toolkit from the US Electronic Frontier Foundation (EFF) advises KeePassXC. In 2016, the European Commission published a Extended security clearance funded and in 2019, KeePass was part of a Bug-Bounty-Programs the European Commission.

Like the public transport timetable information app, KeePass is largely an individual project: the developer Dominik Reichl, who lives in Metzingen near Stuttgart, is the originator of KeePass.

On his website Reichl lists eight other software projects, such as KeeGen, a password generator for Windows, and VisualHash and ReHash for calculating hash sums. However, Reichl told heise online that his focus is clearly on KeePass.

KeePass has just come of age: 18 years ago, on November 15, 2003, Reichl created KeePass as a project on Sourceforge.net, the first version followed two days later. He wrote the entire program himself, he explains to heise online: “The reason I started developing KeePass was simply that there was no password manager that I did. ‘loved at the time. “

Translations, plugins and community support

Reichl is requesting donations on its website and has included advertising. Basically, he develops KeePass himself. But there is a small community around it: around 75 people help with translations, while waiting they can around fifty language packages to install. About 140 people contribute to the 180 plugins and extensions, and a small group of people respond to support requests.

Then there is an incredibly large ecosystem of about 50 related programs and forks. Some users would like an “official” KeePass app for all possible contexts, explains Reichl. But he doesn’t have time for that and is happy with the work of others: “I prefer to focus on the development of KeePass for PC and I am glad that other developers are creating KeePass compatible applications for other systems.

The work on the article series is based in part on a grant “Neustart Kultur” from the Federal Government Commissioner for Culture and Media, awarded by VG Wort.

(olb)