KeePass: Difference between revisions

From NOBAQ
Revision as of 18 April 2015, 20:49

KeePass is a password manager and one of my top "must-have" applications. Instead of either having the same password for all your stuff or having to remember many different passwords, you can use one single, secure password to store all others in a secure, encrypted way. Integrations such as auto-type make it easy to handle these passwords in Windows, and KeePass is available for multiple platforms.

KeePass 1

KeePass 1.x is a very light variant of KeePass. I have extended it using various plugins. Related articles:

KeePass 2

KeePass 2 can be regarded as the "full version", which contains many more features. The downside is that it is slower and uses more memory because it is written in C# .NET instead of pure C++/MFC (as KeePass 1 is). After many years, I switched to KeePass 2 in March 2015 due to the much richer feature set. Also the Android version of Keepass2Android is much better.

I created the following plugins for KeePass 2:

TCATO Placeholder

Two-Channel Auto-Type Obfuscation (TCATO, see http://keepass.info/help/v2/autotype_obfuscation.html) is a very powerful new feature of KeePass 2. Instead of just auto-typing the information, TCATO splits the information and transfers parts of it via the clipboard. This makes it much harder for keyloggers to capture the information. TCATO can be enabled/disabled on a per-entry basis.

Unfortunately, TCATO does not work for all windows, for example PuTTY. Hence, you often want to enable/disable TCATO per auto-type sequence. Example: Some stupid online banking systems (e.g. BAWAG P.S.K. has this stupid "feature") prevent usage of the clipboard in some input fields, for example when changing the password. In this case you can selectively disable TCATO for this sequence.

Example:

   Auto-Type-Window: BAWAG P.S.K. eBanking - ebanking.bawagpsk.com*
   Auto-Type-Sequence: {C:Login}{DELAY 200}{USERNAME}{TAB}{PASSWORD}{ENTER}
   Auto-Type-Sequence: {C:change password}{TCATO:false}{PASSWORD}{TAB}{NEWPASSWORD:/PSK/}{TAB}{NEWPASSWORD:/PSK/}

TAN Placeholder

This plugin provides a placeholder {USETAN:...} for use in auto typing. It can be used for logins where a TAN is required.

Example application

Cisco AnyConnect Secure Client can be automated when one-time passwords are required. I create a printed list of passwords and save them as TAN entries in a group called "VPN TANs". Then I have the following auto-type sequence:

   Auto-Type-Window: Cisco AnyConnect | su-vpn.stanford.edu
   Auto-Type-Sequence: {C:with TAN}{DELAY 1000}{PASSWORD}{ENTER}{DELAY 2000}{USETAN:T:VPN TANs}{ENTER}{DELAY 2000}{ENTER}

How to use

The placeholder has one of the following forms:

   {USETAN:I:group-uuid}
   {USETAN:T:group-name}

Here, "I" references the group with the TANs using its UUID: group-uuid must be the UUID of the group, as a hex string. "T" references the group by its title. If there are multiple groups with the same name, the first one is taken!

Use the I-version to uniquely reference a TAN group. There is no built-in way to obtain the UUID of a group. One way is to export the TAN group to "KeePass XML (2.x)" and look for the tag <UUID>. Important: The UUID in this tag is Base64-encoded. You need to convert it to a hex string manually, for example at http://tomeko.net/online_tools/base64.php?lang=en.

Use the T-version if you update your TANs frequently in different groups. Take care that the group is unique!
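The Base64-to-hex step can also be done locally instead of on a website. The following Python sketch is an added example, not part of the plugin: it reads a "KeePass XML (2.x)" export, converts every group's <UUID> to the hex form, and falls back to the I-form whenever a group title is not unique. The XML layout (each <Group> has a <UUID> and a <Name> child) is an assumption, and the sample export and function names are constructed for illustration.

```python
import base64
import binascii
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample of a "KeePass XML (2.x)" export (assumed layout:
# every <Group> carries a Base64 <UUID> and a <Name>); not real data.
SAMPLE_EXPORT = """<KeePassFile><Root>
  <Group><UUID>AAECAwQFBgcICQoLDA0ODw==</UUID><Name>Database</Name>
    <Group><UUID>Kl/4RnepHUm0In1WS3aYrw==</UUID><Name>My TAN List</Name></Group>
    <Group><UUID>EBESExQVFhcYGRobHB0eHw==</UUID><Name>My TAN List</Name></Group>
  </Group>
</Root></KeePassFile>"""


def uuid_b64_to_hex(b64_text):
    """Decode a Base64 <UUID> value into 32 upper-case hex characters."""
    try:
        raw = base64.b64decode(b64_text.strip(), validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError(f"not valid Base64: {b64_text!r}") from exc
    if len(raw) != 16:
        raise ValueError(f"a UUID is 16 bytes, got {len(raw)}")
    return raw.hex().upper()


def list_groups(xml_text):
    """Return (name, hex_uuid) for every <Group>, in document order."""
    root = ET.fromstring(xml_text)
    return [(g.findtext("Name", default=""),
             uuid_b64_to_hex(g.findtext("UUID", default="")))
            for g in root.iter("Group")]


def suggest_placeholders(xml_text):
    """Use the T-form only where the title is unique, else the I-form."""
    groups = list_groups(xml_text)
    seen = Counter(name for name, _ in groups)
    return [f"{{USETAN:T:{name}}}" if seen[name] == 1
            else f"{{USETAN:I:{hex_uuid}}}"
            for name, hex_uuid in groups]


if __name__ == "__main__":
    for line in suggest_placeholders(SAMPLE_EXPORT):
        print(line)
```

The XML export stores the group's entries unencrypted, so export only the TAN group and delete the file once the UUID has been noted.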

Optionally, if your TAN entries are numbered, a specific TAN number can be provided as last argument:

   {USETAN:I:group-uuid:tan nr}
   {USETAN:T:group-name:tan nr}

Examples

Enter Username, the next available TAN and then password. First, the group is identified by its title, second by its UUID.

   {USERNAME}{TAB}{USETAN:T:My TAN List}{PASSWORD}{ENTER}
   {USERNAME}{TAB}{USETAN:I:2A5FF84677A91D49B4227D564B7698AF}{PASSWORD}{ENTER}

Additionally, request that the TAN with number 6 is entered:

   {USERNAME}{TAB}{USETAN:T:My TAN List:6}{PASSWORD}{ENTER}
   {USERNAME}{TAB}{USETAN:I:2A5FF84677A91D49B4227D564B7698AF:6}{PASSWORD}{ENTER}


Error messages

"The following auto-type placeholder or special key code is unknown/unsupported: {USETAN...}".

Make sure the placeholder has exactly one of the forms described above, with the first argument either T or I. If you use a UUID, make sure that it has the right form, i.e. it is 32 characters long and consists only of A-F, 0-9. Example: 2A5FF84677A91D49B4227D564B7698AF


"{USETAN}: Supplied group was not found"

Make sure you use the correct UUID. When referencing using the title, make sure you use the right case (case matters).

"{USETAN}: Either TAN entry was not found or no TAN available"

If you supplied an ID for the TAN, the TAN entry was either not found or has been used. If you did not supply a specific ID, there are no more free TANs available in the group. If you receive this message but you have free TANs in the group, make sure the group name is unique when referencing it by its title!
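To catch the first error before a sequence is used, the placeholder forms can be checked offline. This Python sketch is an added example and not the plugin's own parser: it checks {USETAN:...} placeholders in an auto-type sequence against the forms documented on this page. It assumes that a trailing all-digit argument is the TAN number, and the function name and messages are made up for illustration.

```python
import re

# Forms from this page: {USETAN:I:group-uuid[:tan nr]} and
# {USETAN:T:group-name[:tan nr]}.
PLACEHOLDER = re.compile(r"\{USETAN(?::([^{}]*))?\}")
# Follows the page strictly: 32 characters, only 0-9 and A-F.
HEX_UUID = re.compile(r"[0-9A-F]{32}")
# A 16-byte value still in the Base64 form found in the XML export.
BASE64_UUID = re.compile(r"[A-Za-z0-9+/]{22}==")


def parse_usetan(sequence):
    """Return (mode, group_ref, tan_nr, problem) per USETAN placeholder.

    problem is None when the placeholder matches a documented form.
    """
    results = []
    for match in PLACEHOLDER.finditer(sequence):
        args = (match.group(1) or "").split(":")
        mode, rest = args[0], args[1:]
        tan_nr = None
        # Assumption: an all-digit last argument is the TAN number.
        if len(rest) > 1 and re.fullmatch(r"[0-9]+", rest[-1]):
            tan_nr = int(rest.pop())
        ref = ":".join(rest)
        if mode not in ("I", "T"):
            problem = "first argument must be I or T"
        elif not ref:
            problem = "group reference missing"
        elif mode == "I" and BASE64_UUID.fullmatch(ref):
            problem = "UUID is still Base64; convert it to hex"
        elif mode == "I" and not HEX_UUID.fullmatch(ref):
            problem = "UUID must be 32 characters from 0-9, A-F"
        else:
            problem = None
        results.append((mode, ref, tan_nr, problem))
    return results


if __name__ == "__main__":
    # Constructed sequences, based on the examples on this page.
    for seq in ("{USERNAME}{TAB}{USETAN:T:My TAN List:6}{PASSWORD}{ENTER}",
                "{USETAN:I:Kl/4RnepHUm0In1WS3aYrw==}{ENTER}"):
        print(seq, "->", parse_usetan(seq))
```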

Download