
database security settings question

2022-06-27
2022-06-29
  • citizen_snips

    citizen_snips - 2022-06-27

    If I go to File->Database Settings->Security, I see a few different security options.

    How much do the options on this menu matter for the average user? Are the default values (Database file encryption algorithm: AES/Rijndael (256-bit key, FIPS 197), Key derivation function: AES-KDF, Iterations: 6000) more than strong enough for the average user?

     

    Last edit: citizen_snips 2022-06-28
  • wellread1

    wellread1 - 2022-06-27

    Key transformations complement database master password strength by limiting the password testing rate on a given computer. The default iteration setting for AES-KDF has been upped from 6000 to 60000 in recent versions of KeePass to take advantage of computer performance improvements.

    The default key transformation settings are secure, but more is better until the delay attributable to key transformation when opening a database is perceptible or inconvenient. For most users this will be in the range of 0.1 to 1 sec. Returns diminish for perceptible or inconvenient delays, e.g. delays greater than 1 sec. Set the iterations so that opening the database on the slowest computer you plan to use is still convenient.

     
    • citizen_snips

      citizen_snips - 2022-06-27

      I currently access my KeePass database from both Windows and Android, so my phone will be the limiting factor here. When I open a database on the KeePass Android app, I see a screen that says "Working..." and "Loading Database", and it takes about 2 full seconds to open. Is that delay likely due to the decryption that the phone has to perform to open the database or network latency when accessing the DB file stored on Dropbox?

       
    • citizen_snips

      citizen_snips - 2022-06-28

      Key transformations complement database master password strength by limiting the password testing rate on a given computer.

      Does this mean if someone were to somehow acquire one of my .kdbx files, try to open it in KeePass, and then do a brute force attack on the password prompt text box, having the DB saved with a greater number of iterations will limit how fast they are able to input guesses?

       
      • Bruce

        Bruce - 2022-06-28

        Yes. If the database has enough iterations set to equal, say a 7 second (which I know is way too much) delay in opening or saving that database, then it would take somebody (anybody really) 7 seconds between open attempts.

         
        • Bruce

          Bruce - 2022-06-28

          I should note that the number of iterations doesn't actually specify a 'delay time', see here for more - Security - KeePass - https://keepass.info/help/base/security.html

           
      • wellread1

        wellread1 - 2022-06-28

        Yes. The attacker has to do the work specified by key transformation setting for each guess. If you specify an amount of work that is 10x greater than the default value the attacker also has to perform 10x the work for each guess as they otherwise would have had to. This raises the cost of the attack.

         
    • citizen_snips

      citizen_snips - 2022-06-28

      Is there any benefit from switching the "Database file encryption algorithm" from "AES/Rijndael (256-bit key, FIPS 197)" to "ChaCha20 (256-bit key, RFC 7539)" or the "Key derivation function" from "AES-KDF" to "Argon2d" or "Argon2id"?

       

      Last edit: citizen_snips 2022-06-28
      • wellread1

        wellread1 - 2022-06-29

        All the key transformation and encryption methods used by KeePass are secure. AES-KDF is easy to configure and optimize. The most important thing to do to protect your database is use a strong master password.

        If you are interested in the other methods you can start with the KeePass documentation and search this forum and other resources for additional discussion.

         
  • wellread1

    wellread1 - 2022-06-27

    2 seconds seems large, but the size of your database, the hardware and the Android app that you are using may also affect performance.

    KeePass2Android on an old android phone (Snapdragon 835, 4GB of memory, 4.5 years old) opens a smallish 100 entry database with AES-KDF & 500,000 key transformations in ~1 second. I estimate it takes half as long to open the same database set to 1 key transformation. I treat this latter time as the database opening overhead.

    Your Android app should be able to set the key transformation setting. I suggest you experiment. As always, make a backup copy of your database before making database setting changes.

     

    Last edit: wellread1 2022-06-27
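The two-timing approach wellread1 describes above (one timing at 1 transformation, one at 500,000) and the "10x the work per guess" point from the earlier reply can be turned into a small calibration tool. The following is an added example, not KeePass or KeePass2Android code and not posted by anyone in the thread; it assumes a linear model, unlock time = overhead + iterations × per-iteration cost, and the sample timings, the 40-bit password entropy and the attacker speedup factor are constructed illustration values.

```python
"""Calibrate AES-KDF iterations from two unlock timings (added example).

Assumed model: unlock_s(N) = overhead_s + N * per_iter_s, where N is the
AES-KDF iteration count. SAMPLE_TIMINGS is constructed from the figures
quoted in the thread (about 1.0 s at 500,000 transformations, about 0.5 s
at 1 transformation) and is not a real measurement.
"""
from dataclasses import dataclass

# Constructed sample timings: {iterations: seconds to open the database}.
SAMPLE_TIMINGS = {1: 0.5, 500_000: 1.0}


@dataclass
class KdfModel:
    overhead_s: float   # fixed cost of opening the file, independent of N
    per_iter_s: float   # cost of one key transformation round on this device


def fit_model(timings: dict) -> KdfModel:
    """Solve the two-point linear model from {iterations: seconds}."""
    (n1, t1), (n2, t2) = sorted(timings.items())
    per_iter = (t2 - t1) / (n2 - n1)
    return KdfModel(overhead_s=t1 - n1 * per_iter, per_iter_s=per_iter)


def predict_unlock_s(model: KdfModel, iterations: int) -> float:
    """Predicted time to open the database at a given iteration count."""
    return model.overhead_s + iterations * model.per_iter_s


def iterations_for_delay(model: KdfModel, target_s: float) -> int:
    """Largest iteration count whose predicted unlock time stays <= target_s."""
    budget = target_s - model.overhead_s
    if budget <= 0:
        raise ValueError("target delay is below the fixed open overhead")
    return int(budget / model.per_iter_s)


def expected_crack_s(model: KdfModel, iterations: int,
                     entropy_bits: float, attacker_speedup: float) -> float:
    """Expected offline guessing time: half the keyspace, each guess paying
    only the transformation work (an attacker skips the app overhead).
    attacker_speedup = how many times faster than this phone the attacker
    runs the KDF (assumed value, chosen by the caller)."""
    per_guess_s = iterations * model.per_iter_s / attacker_speedup
    return (2 ** entropy_bits / 2) * per_guess_s


if __name__ == "__main__":
    m = fit_model(SAMPLE_TIMINGS)
    print(f"overhead {m.overhead_s:.3f}s, per iteration {m.per_iter_s:.2e}s")
    print("iterations for a 1 s unlock:", iterations_for_delay(m, 1.0))
    for n in (6_000, 60_000, 600_000):
        years = expected_crack_s(m, n, 40, 1000) / (365 * 24 * 3600)
        print(f"N={n:>7}: unlock {predict_unlock_s(m, n):.3f}s, "
              f"40-bit password, 1000x attacker: ~{years:.1f} years")
```

Run it on your own two timings instead of the constructed ones: the overhead term is what stays constant when you change iterations, so a 2-second open at the default 6,000 iterations points at overhead (app, file size, network) rather than at the key transformation.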
    • citizen_snips

      citizen_snips - 2022-06-28

      Your Android app should be able to set the key transformation setting. I suggest you experiment. As always, make a backup copy of your database before making database setting changes.

      Apparently that only works on .kdb files, not .kdbx:

      https://github.com/bpellin/keepassdroid/issues/223

       
      • wellread1

        wellread1 - 2022-06-28

        That is a limitation of KeePassDroid. KeePass2Android is a different app. It supports setting key transformations for the kdbx file format. It may also have different performance.

         
  • ReadyPlayerOne

    ReadyPlayerOne - 2022-06-29

    I use KeePass2Android, if I recall, and connect through Dropbox, but my database is encrypted, so when I use the Android app it asks for the password, and then it only takes a few seconds before it logs in.

     
