i have an "old" database file (kdbx) which had a very simple pw until 1 week ago. Now i have loaded the old database file with the newest Keepass version and have changed the pw of the old file into a complex one with the pw change function of Keepass.
=> Is the security in the end the same or should i better create a completely new Keepass file with a complex pw at the beginning of the file and import all entries from the old database?
Thanks in advance for this info
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
When you save an older format KeePass database using a new version of KeePass, the old format is converted to the new format. When you change the master password of a KeePass database the database is encrypted using the new password. Protection is as strong as the new password. It does not make any difference that the a weaker password was once used.
Of course any extra copies of the old database will still be protected with the old password. You should either change their master password, delete them, or move them offline.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Thank you for the very detailed answer. This is very good to know.
A further question to the save in the new format => I am using the Plugin "DataBaseBackup by Francis Noël" for archiving the database files. Do have this Plugin any impact to the save operation in the new format or is blocking the conversion maybe?
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
In general, new versions of KeePass will automatically and silently upgrade the file format when the database is saved. New file formats are not backward compatible. An exception is the current version of KeePass, which will upgrade to the new format only if it is needed. If maximum compatibility is important to you, do not force a conversion.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hi all,
i have an "old" database file (kdbx) which had a very simple pw until 1 week ago. Now i have loaded the old database file with the newest Keepass version and have changed the pw of the old file into a complex one with the pw change function of Keepass.
=> Is the security in the end the same or should i better create a completely new Keepass file with a complex pw at the beginning of the file and import all entries from the old database?
Thanks in advance for this info
When you save an older format KeePass database using a new version of KeePass, the old format is converted to the new format. When you change the master password of a KeePass database the database is encrypted using the new password. Protection is as strong as the new password. It does not make any difference that the a weaker password was once used.
Of course any extra copies of the old database will still be protected with the old password. You should either change their master password, delete them, or move them offline.
Thank you for the very detailed answer. This is very good to know.
A further question to the save in the new format => I am using the Plugin "DataBaseBackup by Francis Noël" for archiving the database files. Do have this Plugin any impact to the save operation in the new format or is blocking the conversion maybe?
If you can open a backup made with this plugin then it works.
Yes a backup can be opened.
Are there a possibility to check the version type of the kdbx file to verify that the database file was successfully converted to the newest version?
In general, new versions of KeePass will automatically and silently upgrade the file format when the database is saved. New file formats are not backward compatible. An exception is the current version of KeePass, which will upgrade to the new format only if it is needed. If maximum compatibility is important to you, do not force a conversion.