I was wondering whether KeePass has been audited lately?
If so, how recently was it conducted and what were the results?
I am not aware of any published audits. However, the source code is available for review.
KeePass has also received recommendations and certifications from various agencies listed on the KeePass Awards, Ratings and Opinion page (e.g. Federal Office for Information Security (Germany) and a Certification Report from ANSSI: French Network and Information Security Agency).
Thanks for the link, but to be perfectly honest with you there, the awards from the various websites don't say much about the security.
And at least for the Federal Office for Information Security (Germany), I can say that they're not really crypto/programming experts, they're managers.
I hadn't thought about this, but this is an interesting question. It's great that the source code is open, but are there any third-party certifications or writeups of examinations of the source code of KeePass out there?
Thanks
The problem with code audits is that someone has to spend time doing it and that costs. At present there doesn't seem to be a move to organize an audit.
cheers, Paul
I wouldn't call it much of an audit, but I didn't notice anything glaring when I performed a line-by-line port of KeePassLib to Java (keepassj). There's nothing to say about the rest of KeePass, however; I didn't look at it as part of the port.