database encryption security

MikeH
2013-12-08
  • MikeH
    2013-12-08

    I have been using KeePass for many years and syncing the password database through Dropbox with a variety of devices. I just read the following article and have a concern about the implementation of the encryption methodology used in KeePass.

    http://www.informationweek.com/security/risk-management/security-fail-apple-ios-password-managers/d/d-id/1103401?

    Since the database file is standalone, and GPUs can brute force passwords at millions of attempts per second (not 60 times per minute), are the encryption algorithms properly implemented to prevent rapid decryption by dictionary attacks or rainbow tables? Brute force methods are always possible, but with appropriate passwords one can make the attempt, even with fast GPUs, very difficult.

    Is KeePass as vulnerable as some of the other well known password managers? For instance, according to this article on encryption implementation, the 1Password Pro encrypted database was broken in just 5 seconds.

  • Paul
    2013-12-08

    KeePass has protection against brute force attacks, but nothing can prevent dictionary attacks except a strong complex password.
    Read the KeePass security details at this link. http://keepass.info/help/base/security.html

    cheers, Paul
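
The trade-off discussed in this thread, as an added example that is not part of the original posts and is not KeePass code: a salted, iterated key derivation makes precomputed tables useless and multiplies the cost of every guess, yet a master password that sits in a wordlist is still recovered. PBKDF2-HMAC-SHA256, the iteration count, the salts and the passwords are assumptions chosen for illustration.

```python
import hashlib
import hmac

# Assumption: PBKDF2-HMAC-SHA256 stands in for a password manager's key
# stretching step. It is not KeePass's own key transformation.
def derive_key(password: str, salt: bytes, iterations: int) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)

def kdf_iterations_for(guesses: int, iterations: int) -> int:
    """Every guess costs one full derivation, so work scales with the count."""
    return guesses * iterations

def falls_to_wordlist(target_key: bytes, salt: bytes, iterations: int, wordlist):
    """Defender's audit: return the wordlist entry that derives target_key, else None."""
    for candidate in wordlist:
        derived = derive_key(candidate, salt, iterations)
        if hmac.compare_digest(derived, target_key):
            return candidate
    return None

# Constructed sample data (not taken from any real database or leak).
WORDLIST = ["password", "letmein", "dragon", "sunshine"]
ITERATIONS = 20_000
SALT_A = bytes.fromhex("00112233445566778899aabbccddeeff")
SALT_B = bytes.fromhex("ffeeddccbbaa99887766554433221100")

def demo() -> dict:
    weak = derive_key("sunshine", SALT_A, ITERATIONS)
    strong = derive_key("vK3#qz8!Lw0&pR5^tY2m", SALT_A, ITERATIONS)
    return {
        # Same password, different salt: a table built for one database
        # does not apply to another.
        "salt_changes_key": weak != derive_key("sunshine", SALT_B, ITERATIONS),
        # Stretching slows each guess but cannot save a listed password.
        "weak_found": falls_to_wordlist(weak, SALT_A, ITERATIONS, WORDLIST),
        # A long random password is simply absent from the wordlist.
        "strong_found": falls_to_wordlist(strong, SALT_A, ITERATIONS, WORDLIST),
        # Work for the same number of guesses, relative to one iteration.
        "work_ratio": kdf_iterations_for(len(WORDLIST), ITERATIONS)
        // kdf_iterations_for(len(WORDLIST), 1),
    }

if __name__ == "__main__":
    print(demo())
```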