
Key Pass File

Narayan
2013-10-31
2023-09-12
  • Narayan

    Narayan - 2013-10-31

    Hi
    I am very confused about the documentation and the security in the usage of the composite password key, especially the key file.

    Your documentation states:
    ====Location. The point of a key file is that you have something to authenticate with (in contrast to master passwords, where you know something), for example a file on a USB stick. The key file content (i.e. the key data contained within the key file) needs to be kept secret. The point is not to keep the location of the key file secret
    ======

    1) What is meant by "the location of the key file need not be a secret, rather the data contained in the key file should be a secret"? I don't understand. If an intruder gets hold of the key file by examining the access times of the file (for example), why does he care about the contents as long as it lets him log into my account? It seems the location of the file (and hence its contents) must be kept a secret. Please explain why not?

    2) I have created a composite key (master password and key file combo) for my account. The problem I see is, when I log in, the key file is already checked and the correct key file already appears in the login window. This is not desirable. The user must be required to enter the key file name and the master password at login. If not, the problem I see is you are already giving away half the solution of the composite key to an intruder who gets hold of my machine. Please advise.

     
  • wellread1

    wellread1 - 2013-10-31

    It seems the location of the file (and hence its contents) must be kept a secret.

    The key file needs to be inaccessible to an intruder, not in a secret location that is discoverable. A simple analogy is that of a house key. Everyone knows that your house key is in your pocket, but it is inaccessible to a potential intruder in that location. However, if you hide the key under the flower pot in the garden, an intruder could find it.

    A key file is a special purpose component of a Master Key. It is useful only if you are prepared to keep it in a location that is not accessible to an intruder (e.g. on a USB key in your pocket). Otherwise a strong Master Password is sufficient.

     
    • Narayan

      Narayan - 2013-12-27

      Wellread1, very nicely put especially the house key analogy. Thank you so much for that explanation.

       
  • Anthony Steele

    Anthony Steele - 2023-09-12

    Can a key pass be used independently without the master key?
    E.g.
    If I have a key pass stored on a USB stick, can I use that to open the database without also having to input the master key?
    Or
    is it just extra security?

     
    • steelej

      steelej - 2023-09-12

      **KeePass always requires a "key" to unlock the database.**

      This is the whole purpose of KeePass - to protect the database and your passwords stored in there.

      The KeePass database is actually protected using a very strong encryption method with a long encryption key derived from the password you type (and optionally with the addition of a keyfile) by a deliberately very processor intensive method. This derived key defies, to all intents and purposes and by design, any attempt to guess the password. This is the "key" that actually unlocks the database.

      Having a KeePass database on a memory stick without a password is totally pointless and implies no encryption. You may as well store all of your passwords in an unencrypted spreadsheet! There would obviously then be no protection for your valuable data if anyone were able to access the database by copying or accessing the memory stick!

       
  • Anthony Steele

    Anthony Steele - 2023-09-12

    Sorry, misunderstanding.
    My actual database is stored on my computer with a backup.

    My question is: if I have only a key file stored on a removable USB memory stick and have that USB plugged into my computer,
    then in the start-up open database box, if key file is ticked but not master password, will clicking OK open the database?
    The security comes by ensuring that the USB stick is removed and stored securely.

     
  • Anthony Steele

    Anthony Steele - 2023-09-12

    By playing around I have found the answer ...

    I generated a key file by typing my master password into a Notepad file, then saving that file onto a USB memory stick as key.keyx, then entering that USB file location in the open database dialogue, ticking key file but unticking master password, and clicking OK.
    The system goes to the key file, reads the master password and opens the database.

    The benefit of doing this is that with a long password, errors are not made in having to type the password every time. It is also much quicker,
    but ensure the USB stick is removed and kept securely.

     
  • steelej

    steelej - 2023-09-12

    Make sure that you have multiple copies of your USB stick file or you have made a note somewhere of EXACTLY how you created the keyfile.

    Also beware if Notepad ever changes the character encoding it uses, or you use a different program to recreate your password file, you could lose access to your database if you ever have to recreate the file! A new version of Notepad is apparently imminent with support for UNIX end of line characters as an alternative to the Windows end of line by way of example - there may be other differences at the binary level. Notepad is a text editor!

    Remember the keyfile MUST be an exact binary copy of the one you used as your keyfile.

    Are you perhaps making your typed password much longer than is actually necessary? There have been several posts over the years about this, but from memory about 16 to 20 characters is more than sufficient for all practical purposes, provided that it includes some mixture of upper/lower case characters and some numeric and special characters, e.g. +-= etc.!

    The risk is that an attacker might guess your password using trial and error. However the method used by KeePass to generate the long encryption password that is actually used to access the database from the password you type is deliberately computationally very intensive thus each guess taking a long time making brute force trial and error guessing by an attacker all but impossible. Think about 1 second per attempt and many millions or even billions of attempts typically would be required!

    I personally find that my password is very quick and easy to type and hence have no need for the added and, in my opinion (as a retired security consultant), unnecessary complexity of having a keyfile!

     

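The point steelej makes about byte-exact key files, and the earlier question of whether a key file can stand in for the master password, both come down to how KeePass turns its key sources into one composite key. The following is an added example written for this page, not KeePass's own code. It models the KeePass 2.x scheme for non-XML key files as the author of this example understands it (a plain text file like the Notepad key.keyx above is hashed with SHA-256; a file of exactly 32 bytes or 64 hex characters is used as key bytes directly; the password is SHA-256 of its UTF-8 bytes; the composite key is SHA-256 over the concatenated components), and treats that as an assumption rather than something the thread states. The sample key files are constructed inline. It shows that four files that all "contain the same password" produce four different keys once line endings or encoding differ, and that a key file containing only the typed password, with no newline, contributes exactly the same component as typing that password.

```python
"""Composite-key assembly modelled on KeePass 2.x (added example, not KeePass code).

Assumed scheme (an assumption of this example, see lead-in):
  password component = SHA-256(UTF-8 bytes of the typed password)
  key-file component = raw bytes          if the file is exactly 32 bytes
                     = hex-decoded bytes  if the file is 64 hex characters
                     = SHA-256(file bytes) otherwise (e.g. a Notepad text file)
  composite key      = SHA-256(password component || key-file component)
The slow KDF (AES-KDF / Argon2) that steelej describes is then run over this
composite key; it is not modelled here.
"""
import binascii
import hashlib
from typing import Dict, Optional


def password_component(password: str) -> bytes:
    """Component contributed by a typed master password."""
    return hashlib.sha256(password.encode("utf-8")).digest()


def keyfile_component(data: bytes) -> bytes:
    """Component contributed by a non-XML key file, from its exact bytes."""
    if len(data) == 32:                       # raw 32-byte key
        return data
    if len(data) == 64:                       # 64 hex chars -> 32 raw bytes
        try:
            return binascii.unhexlify(data)
        except (binascii.Error, ValueError):
            pass                              # not hex: fall through to hashing
    return hashlib.sha256(data).digest()      # arbitrary file: hash everything


def composite_key(password: Optional[str], keyfile: Optional[bytes]) -> bytes:
    """Combine whichever key sources are present; at least one is required."""
    parts = b""
    if password is not None:
        parts += password_component(password)
    if keyfile is not None:
        parts += keyfile_component(keyfile)
    if not parts:
        raise ValueError("at least one key source (password or key file) is required")
    return hashlib.sha256(parts).digest()


def line_ending_demo(password: str = "correct horse battery staple") -> Dict[str, str]:
    """Constructed key files that look identical in an editor but differ byte-wise.

    Each variant is the same text saved a slightly different way, which is the
    failure mode steelej warns about: recreate the file with a different
    newline or encoding and you get a different key.
    """
    variants = {
        "utf8-no-newline": password.encode("utf-8"),
        "utf8-lf": (password + "\n").encode("utf-8"),
        "utf8-crlf": (password + "\r\n").encode("utf-8"),
        "utf16-with-bom": password.encode("utf-16"),   # Notepad "Unicode" style
    }
    return {name: composite_key(None, data).hex() for name, data in variants.items()}


if __name__ == "__main__":
    for name, key in line_ending_demo().items():
        print(f"{name:16s} {key}")
    # Under this scheme a UTF-8 key file holding just the password, with no
    # trailing newline, yields the same composite key as typing the password.
    print(composite_key("pw", None) == composite_key(None, b"pw"))
```

The practical reading of the demo is the one the thread arrives at: a key file is only worth having if its bytes are kept off the machine an attacker can reach, and a copy of those exact bytes (not a retyped version of the text) is what you must back up.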