KeePass 2.34 released, tightens update checking security
Open-source password-management tool KeePass 2.34 has been released for Windows. The new release’s headline feature is a digitally signed version information file, which is used to check for updates.
The feature was unveiled after a potential vulnerability was discovered whereby hackers could dupe KeePass users into downloading malware through the online update check.
After the publication of articles revealing the man-in-the-middle vulnerability, KeePass announced its plans to implement digital signing in the version update file to ensure future version checks could not be hijacked.
This has now been implemented in version 2.34, and the program now also downloads the file over HTTPS as an additional layer of protection. This makes the new release an essential update for all KeePass 2.x users.
The vulnerability is a stark reminder that users should make the effort to check the digital signature of any downloaded files to verify they’re genuine. Right-click the downloaded KeePass file and choose Properties > Digital Signatures tab to verify the signer name is 'Open Source Developer, Dominik Reichl', or check this is displayed by the Windows User Account Control dialog box when installing the program.
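The same check can be scripted. The PowerShell below is an added example, not code from the article or the KeePass project; the function name and the file path are hypothetical, and the signer name is the one quoted above.

```powershell
# Added example: scripted equivalent of the Properties > Digital Signatures check.
# Test-DownloadSignature is a hypothetical helper name.
function Test-DownloadSignature {
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Signer name as quoted in the article.
        [string] $ExpectedSigner = 'Open Source Developer, Dominik Reichl'
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        Write-Warning "File not found: $Path"
        return $false
    }

    $sig = Get-AuthenticodeSignature -FilePath $Path

    # 'Valid' means the file hash matches the signature and the certificate
    # chains to a trusted root. NotSigned, HashMismatch, NotTrusted and
    # UnknownError all fail closed here.
    if ($sig.Status -ne 'Valid') {
        Write-Warning "Signature status is $($sig.Status): $($sig.StatusMessage)"
        return $false
    }

    # Compare the certificate's simple name (its CN) with the expected signer.
    # A matching name only means something once the status above is Valid.
    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $signer = $sig.SignerCertificate.GetNameInfo($nameType, $false)
    if ($signer -ne $ExpectedSigner) {
        Write-Warning "Valid signature, but signed by '$signer'"
        return $false
    }

    return $true
}

# Placeholder path; substitute the file you actually downloaded.
Test-DownloadSignature -Path 'C:\path\to\downloaded-keepass-file.exe'
```

The function returns `$true` only when the signature is valid and the signer matches; every other outcome prints a warning explaining why the file should not be run.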
KeePass 2.34 also adds a number of other new features -- there’s an option to 'Lock workspace when minimizing main window to tray' (namely the Notification area). A related setting allows users to use the [Escape] key to minimize without locking the program. Users also gain a new alternative shortcut -- [Ctrl] + [Q] -- for closing the program.
Plugins have also been improved -- support for digitally signed folders has been added, while plugins must now be stored within the application’s directory (or a newly created Plugins sub-directory).
The program now claims improved startup performance through the filtering of plugin candidates, plus it now finds and deletes any temporary files created during a failed print operation when KeePass is next closed.
The final changes see improved high DPI support for the CHM help file, plus a number of unspecified code optimizations and other ‘minor’ improvements.