Feature Requests

botched0ps
2014-03-27
2014-03-28
  • botched0ps
    botched0ps
    2014-03-27

    Hey all,

    To further the usability of Keepass, I would like your opinions on the following possible feature requests I've made:

    • Allow for the usage of Field References in the Sync settings used by Triggers and the option itself under File > Syncronize - This will provide a way to securely store credentials used to synchronize the database when done so by triggers.
    • Modify the synchronization method so that passwords are not required and can instead be fetched by a Pageant client - An addition or alternative to the previous feature request
    • Create a Placeholder method for the password field that can be used to reference profiles in the password generator - This will allow certain templates to be generated with unique passwords based on the profile selected for them.
    • Create an option to embed Keepass settings in a database - This would provide a simplified method of synchronizing Keepass settings between desktops without the need of additional files. Settings could also include triggers and password generation profiles.
     
  • botched0ps
    botched0ps
    2014-03-27

    Also, should we consider a separate forum specifically for feature requests or are they fine as-is in the Open Discussion forum?

     
    • wellread1
      wellread1
      2014-03-27

      Discussion of potential features can help determine whether a request is necessary and desirable, and if is is, improve the request.

      Also, the developer monitors the Discussion Forum.

       
  • wellread1
    wellread1
    2014-03-27

    Allow for the usage of Field References in the Sync settings used by Triggers

    Field references are a form a placeholder, and can be used in Triggers.

    ... and the option itself under File > Syncronize - This will provide a way to securely store credentials used to synchronize the database when done so by triggers.

    Opening a database requires the Master Key be entered. Synchronization does not.

    Additional site credentials may be required to access a site where a database is stored. These credentials can be stored in a local database and used in a trigger that accesses the site by using field references.

    Modify the synchronization method so that passwords are not required and can instead be fetched by a Pageant client - An addition or alternative to the previous feature request

    Similar functionality may already be available via Backup & Synchronization & IO plugins.

    Create a Placeholder method for the password field that can be used to reference profiles in the password generator - This will allow certain templates to be generated with unique passwords based on the profile selected for them.

    It is already possible to create and save password generation profiles.

    I don't believe a placeholder is likely to be the best approach. The {NEWPASSWORD} placeholder exists. It uses the "Automatically generated passwords for new entries" generator profile. It can be used in a template. You may want to investigate it.

    Create an option to embed Keepass settings in a database - This would provide a simplified method of synchronizing Keepass settings between desktops without the need of additional files. Settings could also include triggers and password generation profiles.

    KeePass settings are a property of the KeePass Workspace not the Password Database. Workspace settings are stored in keepass.config.xml, Password Database settings are stored in the database. Triggers and password generation profiles are Workspace properties and stored in keepass.config.xml. It is unlikely that the architectural distinction between Workspace and Database will be altered.

     
    • botched0ps
      botched0ps
      2014-03-28

      Field references are a form a placeholder, and can be used in Triggers.

      This is true, I was struggling with SCP connection stability earlier and probably thought that the failures were caused by a lack of placeholder usage in Trigger fields.

      Modify the synchronization method so that passwords are not required and can instead be fetched by a Pageant client - An addition or alternative to the previous feature request

      Similar functionality may already be available via Backup & Synchronization & IO plugins.

      I can confirm that this does work after additional attempts, but previously failed because of a blank password field in the Sync settings (Schrödinger's credentials?)

      I don't believe a placeholder is likely to be the best approach. The {NEWPASSWORD} placeholder exists. It uses the "Automatically generated passwords for new entries" generator profile. It can be used in a template. You may want to investigate it.

      The {NEWPASSWORD} placeholder was what I was referring to, but I was curious if it could be used in a (template) entry's password field, so that when a new entry is created from the template, a password is generated for said entry automatically. This currently does not seem to function as intended, as it is likely not currently implemented.

      KeePass settings are a property of the KeePass Workspace not the Password Database. Workspace settings are stored in keepass.config.xml, Password Database settings are stored in the database. Triggers and password generation profiles are Workspace properties and stored in keepass.config.xml. It is unlikely that the architectural distinction between Workspace and Database will be altered.

      I do understand the reasoning between keeping these seperate, but being able to keep settings similar between devices would be nice. Does a trigger action that can sync application settings seem like overkill or a suitable middleman?

       
  • wellread1
    wellread1
    2014-03-28

    [The {NEWPASSWORD} placeholder] currently does not seem to function as intended, as it is likely not currently implemented.

    The {NEWPASSWORD} placeholder ultimately replaces itself with a {PASSWORD} placeholder or an actual password. This is useful to a user that needs a one time password change.

    A built-in entry field that saved a custom password generation profile with each entry would be a more direct solution. This feature request has already been made, see https://sourceforge.net/p/keepass/feature-requests/1399/ and https://sourceforge.net/p/keepass/feature-requests/1399/. Aside from other considerations, it would most likely require a database format change.

    If you create and save just a few well designed password generation profiles you may find the lack of per-entry profiles is not the deficiency it seems at first.

    The profiles should create strong passwords (be randomly selected from a very large set, aka have high entropy) and satisfy some or all of the additional criteria:

    1. Meet the majority of site based password constraints.
    2. Meet the vast majority of site based password constraints after manually changing or deleting just one or a few characters while not sacrificing significant strength.
    3. Can be manually entered easily on most input devices, including soft keyboards (e.g. tablets, phones, & consoles).

    Note: The Wikipedia Password Strength article is a helpful resource.

    ...being able to keep settings similar between devices would be nice. Does a trigger action that can sync application settings seem like overkill or a suitable middleman?

    You can transfer initial settings by copying the keepass.config.xml file to the other KeePass installations. The inevitable file PATH discrepancies are easily fixed manually. However, syncing Workspace settings is more trouble than it is worth because of these same PATH differences would reappear regularly.

    Third party ports may not support any KeePass Workspace settings or may support only a subset, so transferring and/or syncing settings is not feasible.

     
    Last edit: wellread1 2014-03-28