Very slow encryption in Linux

A lightweight and easy-to-use password manager

Brought to you by: dreichl

Very slow encryption in Linux

Forum: Open Discussion

Creator: Kurt Fitzner

Created: 2017-09-09

Updated: 2017-09-09

Kurt Fitzner - 2017-09-09

The official Debian/Ubuntu/Mint distributions of KeePass are very slow on the encrypt/decrypt. Comparing the dot net KeePass to a native program called KeePassX shows KeePass to be slower by close to a factor of 50. This is significant, because the number of rounds performed directly affects security.

Are the encryption primitives used by KeePass also written in dot net? Is there a way to speed it up? The people who would attempt to brute force a password file won't be using wildly inefficient encryption primitives, they will be using hardware encryption.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Dominik Reichl - 2017-09-09

On Linux, KeePass uses Mono's AES implementation, which indeed is rather slow.

A minor improvement has already been implemented for KeePass 2.37:
https://sourceforge.net/p/keepass/bugs/1468/

Best regards,
Dominik

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Kurt Fitzner - 2017-09-10

Hi Dominik,

Thanks so much for linking that report and for the work on the new version. I'll comment further there.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Log in to post a comment.