Started by BiomedEngineer,
Hey AgileBits, I just recommended 1Password to some friends and I know that at least one purchased your Win+Mac bundle. They are security conscious people and have always recommended KeePass (Win) and KeePassX (Mac). I'd just like to see how 1P compares to KeePass on the following factors, both to know for myself and to address questions if they come up. I've read much of your blog where you emphasize how strong your encryption is and how you've implemented features that slow down password crackers' attempts. I'm not sure if you've talked about the other features below, though.
1) SHA-256 is used as password hash. In contrast to many other hashing algorithms, no attacks are known yet against SHA-256.
2) Protection against dictionary and guessing attacks: by transforming the final master key very often, dictionary and guessing attacks can be made harder.
3) In-Memory Passwords Protection: Your passwords are encrypted while KeePass is running, so even when the operating system caches the KeePass process to disk, this wouldn't reveal your passwords anyway. This means that even if you would dump the KeePass process memory to disk, you couldn't find the passwords.
4) Security-Enhanced Password Edit Controls: KeePass is the first password manager that features security-enhanced password edit controls. None of the available password edit control spies work against these controls. The passwords entered in those controls aren't even visible in the process memory of KeePass.