#1764 Move settings to db file

KeePass_1.x
closed
nobody
5
2013-10-26
2013-08-06
ajakkes
No

There are several settings in the KeePass.ini file that enhance or reduce security. Like the setting that clears the clipboard or sets a default password generator pattern.

Creating the following file:
KeeClipboardSeconds=3600
KeeDisableUnsafe=True
KeeSecureEditControls=True
KeeAlwaysAllowIPC=True
KeeGenProfileAuto=AmEAAk4AAAAIA4AAAABcAEIAXABhAFwAYwBcAGEAXAAxAFwAMgBcACEAAEFOUgAA
KeeUseTransactedFileWrites=False

And saving this at:
C:\Program Files\KeePass Password Safe\KeePass.enforced.ini
or:
C:\Users\User Name\AppData\Roaming\KeePass\KeePass.ini
could be done in less than a second.

This would not be noticed by the user of the application for a long time, and noticing that one of the settings was changed would not alarm the user that other settings were changed as well.

Reading the KeePass.ini file setting KeeGenProfile0=AmEAAk4AAAAIA4AAAABcAEIAXABhAFwAYwBcAGEAXAAxAFwAMgBcACEAAEFOUgAA
Where a user could store password patterns that would be easier for the user to remember but with a high strength when the pattern is not common and known would bring the strength down a lot. Something like \I\c\a\n\r\e\m\e\m\b\e\r\t\h\i\s\:zZcv with a strength of 84 bits reduced to 23 bits after reading the ini file. While a pattern like: ullllllllllllllpzZcv would be hard to remember by most people. Especially when the pattern is used for all the passwords stored.

Storing these security enhancing settings encrypted in the database would make the application more secure, while settings like KeeSecureEditControls=False and KeeClipboardSeconds=3600 in an editable file give the user a false feeling of security.

Where is clearing the clipboard enhanced security when access to the clipboard would also mean write access to a keepass.ini file and setting the value high enough?

I hope these settings would be stored in the password file in future.
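
An added example, not part of the original ticket and not KeePass code: a baseline check that reports when one of the settings named above differs from a known-good copy, appears unexpectedly, or is duplicated in the file. The watched-key list is an assumption drawn from this ticket, and the sample file contents are constructed.

```python
from collections import defaultdict

# Keys named in the ticket; treating exactly these as security-relevant is an assumption.
WATCHED = ("KeeClipboardSeconds", "KeeDisableUnsafe", "KeeSecureEditControls",
           "KeeAlwaysAllowIPC", "KeeGenProfileAuto", "KeeGenProfile0",
           "KeeUseTransactedFileWrites")

def parse_ini(text):
    """Return {key: [values...]} for Key=Value lines, keeping duplicates."""
    found = defaultdict(list)
    for raw in text.splitlines():
        line = raw.strip()
        # Skip blanks, comments, [section] headers and lines without '='.
        if not line or line[0] in ";#[" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        found[key.strip()].append(value.strip())
    return found

def drift(baseline_text, current_text, watched=WATCHED):
    """List (key, expected, found) for watched keys that differ from the baseline."""
    base, cur = parse_ini(baseline_text), parse_ini(current_text)
    findings = []
    for key in watched:
        expected = base.get(key, [None])[-1]
        values = cur.get(key, [])
        if len(values) > 1:
            # A repeated key is reported rather than guessing which value wins.
            findings.append((key, expected, "duplicate: " + " | ".join(values)))
        elif (values[0] if values else None) != expected:
            findings.append((key, expected, values[0] if values else None))
    return findings

# Constructed sample data: a known-good copy and a file that was changed afterwards.
BASELINE = """[KeePass]
KeeClipboardSeconds=10
KeeSecureEditControls=True
KeeUseTransactedFileWrites=True
"""
CURRENT = """[KeePass]
KeeClipboardSeconds=3600
KeeSecureEditControls=True
KeeAlwaysAllowIPC=True
KeeUseTransactedFileWrites=False
"""

if __name__ == "__main__":
    for key, expected, found in drift(BASELINE, CURRENT):
        print(f"{key}: expected {expected!r}, found {found!r}")
```

The baseline copy has to be kept somewhere the account running KeePass cannot write, otherwise it can be replaced together with the ini file.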

Discussion

  • Dominik Reichl
    2013-10-26

    • status: open --> closed