Hi All,
Just wondering, how many use the optional key file (used to open the KeePass database) and why?
I'm new to using KeePass and was wondering what the key file brings if you have a strong password...I know it does additional encryption. I'm just curious as to how many of the users actually use it...
Thanks,
Bob
A key file has advantages in use, but disadvantages in backup. I use a strong password to allow my database to be portable.
cheers, Paul
An example of how it could be used - store the Keyfile on a USB Flash Device, and thus your password is only accessible when you enter your PW *and* the UFD is connected.
Disadvantages - you'll probably want to triplicate your backup of this keyfile as it is critical to get into the database - without a keyfile, any database that specifies a keyfile as part of the security method is inaccessible.
I do as Paul does and use a strong password only, as I take my entire program and database with me wherever I go on my UFD....
I use a key file; however, the key file is on a Truecrypt encrypted device and is backed up ENCRYPTED 4 times in various forms. I use a key file for one-click starting of KeePass via a shortcut.
1 - I have the DB file on a portable USB drive, which allows me to maintain a single copy of the KeePass DB.
2 - The Key File is replicated on the HD of the PCs I use regularly.
3 - The main password is in my mind.
If I lose the USB drive, the DB is protected.
The main password is a nuisance, but may be less strong IMO, because of the Key file.
Any comment?
Hello Nemo.
I have been using the same scheme as you for a moment, until the day I asked myself the pertinence of having a key file, if I had to bring it along with me most of the time, most likely resulting in keeping it alongside the database.
You have 2 options:
- not having the keyfile on the USB stick, and then you're screwed whenever you have to use your database on a new computer: you have to remember and bring the keyfile the first time you use it
- keeping the keyfile with the database, making it quite useless
Plus, replicating the keyfile between several computers increases the chances of having it stolen, one way or another.
All these thoughts drove me to the same conclusion as Paul: having ONE STRONG password, and only that.
On second thought, I guess people wishing to use the keyfile should use it like that:
- keep a duplicate of the database on each computer
- travel with the keyfile on a USB stick or whatever (and be sure to keep a backup of it, somewhere very safe)
This way the database is perfectly secure.
Drawbacks:
- same as before, you have to duplicate the database on each new computer you use
- problems of synchronization between each instance of the database
I guess there's no real "easy" use of the keyfile.
Actually I can't really see a use case when the keyfile proves useful at all, to begin with.
Especially since you have to worry very much about keeping several copies of it, because you can't afford to lose it.
I'm also looking forward to comments from people using it, though!
Bob has a great question, but I strongly disagree with some of the comments here concerning the value of a key file. Sorry for being long-winded, but here goes...
KeePass allows either 1) a password only, 2) a keyfile only, or 3) BOTH together.
I would never use the keyfile only option; you have to maintain absolute security of your keyfile if you do, as this is all that's needed to open the gates to your password kingdom.
A strong password alone is the next best thing, but a strong random password is hard to remember, so what to do? Writing it down may not be the best idea, so many people will end up using a password they can remember, which probably isn't as strong.
I use a keyfile AND a password. Using a keyfile and password together essentially allows you to use a somewhat weaker password that can be remembered, but with the advantage of having the equivalent of a super-strong password when it's combined with the keyfile (the Truecrypt website offers some further insight into keyfiles). The keyfile can be ANY file (.jpg, .txt, etc.). I keep my one keyfile on my USB drive, which is backed up to my work and home PCs. Why doesn't this concern me? Because there's no way for anyone to know which file is my keyfile. You should make sure that whichever file you choose as a keyfile is never a file that will change (you can RENAME it to as many different names as you want, but it must never be modified (its "hash value" must never change) once you start using it as a keyfile), or it will no longer unlock your database when used along with your password. Also, it should be a file with sufficient entropy (let's just say, make sure it's a dense file, not just an empty text file. A .jpg file of a family picture, for example, should work fine).
I suggest NOT using the default "pwsafe.key" file name option with its default location in the root directory; instead, place your keyfile somewhere else on your drive(s) so there's no way to know it's a keyfile for your KeePass database. (Remember though, if you have a bat file somewhere that you are using for KeePass command line options, that this could point to your keyfile if you choose to use that command line option.)
OK, so let's suppose someone figures out somehow that a particular file is your keyfile. That person would still need to know your password. How much worse off are you?
Consider these advantages of using a keyfile along with your password:
Additional protection against keystroke loggers for your database password
Two-factor authentication (something you know (your password) and something you have (your keyfile)
Increased difficulty for password cracking software
Ability to use a good password that you can remember and not have to write down
Also, I see no problem with backups. The database file is a single file that can easily be backed up in multiple locations (same with your keyfile). I use the database file on USB as my "working" file, and back that up to my home PC and work PC whenever possible. That way, I always have the most current database with me on my USB, but I'm covered if I lose my USB.
Best,
Ian
Ian (fort7135) - 2008-08-21 22:19 gives the main reasons that I use a key file.
I find it to be just a bit safer than using only a password (and I don't ever use it by itself), which could potentially be brute forced, since a database like this does not (to my knowledge) have a password retry limit.
Anyway, by adding a key file, brute force is a bit more difficult, because the key file would also need to be known.
Like Ian says, you don't have to (and probably shouldn't) use the default pwsafe.key, since a cracker may be aware to look for that. Although, to make things even more difficult, I usually make a number of .key files and then I use something different as my key file [or do I ;) ??? ]. If I can make it that much more difficult for a cracker to get in, all the better.
Of course, the other reason I do that is so that I feel a bit more comfortable when I am porting between 2 systems. If I were to lose my USB key, I feel more confident that my database won't be as easily cracked without the key file on it.
If you need your database to be portable, and don't know if you are going to be on someone else's computer, I suggest using a file that you can always find on the Internet. If you have a blog site, or something where you can place an image that you use as your key file, then it is always available to you wherever you go (as long as you have Internet access, and as long as you don't change or remove the picture).
It all depends on how paranoid you are, which is likely dependent on how much you could lose if your password db were cracked.
Hope this helps.
Later
The question of using password and/or keyfile is simply a question of your security model. Everything has a specific probability and security: the probability that a password can be stolen, that a keyfile can be stolen, and every medium holding the password or the keyfile has its specific security. Additionally, the infrastructure you use for eventually distributing your keyfile.
So it's not a question of religion, but of your personal security model and surroundings.
Michael, I agree with your point entirely. I think everyone needs to take a moment to assess their own situation. I tend to look at the most secure implementation, and then back off a bit to facilitate convenience. So that's where I come from when I converse, but I don't assume my way is the best way :)
On my point about me personally never using a keyfile alone, I would add that this could be secure enough in the right situation. For example, for someone using KeePass on a PC that is in a secure area, or with whole drive encryption, etc., a keyfile alone might be a reasonable option.
A keyfile is a good option for a non-portable database - I just need to remember the passwords on my home computer and keep the key file on my USB stick. It is easy to use, can be backed up easily and is always to hand.
Portability makes it a little harder.
cheers, Paul
Anonymous - 2008-08-27
I use a keyfile in a special way. I have my main KeePass DB with a strong password on my hard drive and on a USB drive I carry with me. Periodically (after significant updates) I copy the hard drive version to the USB drive. And then I create another version with both a strong password and a keyfile. I store this keyfile in an online password manager website and I store this special KeePass DB on a different website.
Why? If I don't have my USB drive with me, I can still get to the KeePass DB on-line. Yes, it is a two-step process to get the keyfile and the KeePass DB. I just feel safer this way.
Yes, the USB drive can be stolen too. If stolen I would know it quickly and have enough time to change the passwords stored in my Keepass DB.
Ian said:
"The keyfile can be ANY file (.jpg, .txt, etc.)."
For real? I see nothing about that in the documentation. That would be a definite plus.
Hi James E.,
it's e.g. indicated here:
[http://keepass.info/help/base/security.html#seckeyhash]
"If the key file doesn't contain exactly 32 bytes (256 bits), they are hashed with SHA-256, too, to form a 256-bit key. The formula above then changes to: SHA-256(SHA-256(password), SHA-256(key file contents))."
James, just make sure you never change the jpg, txt etc file.
cheers, Paul
Well, I tried using a .jpg, but making it a key file corrupted it as an image file. Is that supposed to happen?
If an image file doesn't show a thumbnail and won't open in an image viewer, it's a potential giveaway, I would think.
--James
Never mind, mea culpa. I overwrote the file when I made it a key file.
--James
I've now added information about how to use an existing file as key file to the composite master key documentation: http://keepass.info/help/base/keys.html
Best regards
Dominik
If a database has only a master password, you can open the database using a key file. If a text file contains only the master password then this file can be used instead of a master password.
I'm not sure when you'd do this, but the option is there.
Ryan, I believe you are confused. These are your options:
1) a password only, 2) a key file only, or 3) BOTH together.
If your database key consisted of a password only when you created it, then that's ALL you can open it with. Same if you used a key file only.
If you created a composite master key consisting of a password AND key file, then you MUST use both TOGETHER to unlock your database; you CANNOT use one or the other.
Regards,
Ian
Well, Ian, there is a situation in which a password and a key file can be used interchangeably to encrypt/decrypt a db:
when the password equals the content of the key file; either the password or the key file is used but not both.
That's because the hash algorithm doesn't care about the source of the user key: keyboard, files or whatever may be.
In other words the password and the content of the key file are just streams of bytes.
So, for
encrypt("pass", info) ==> db
you can use
decrypt(keyfile, db) ==> info
where keyfile contains "pass" (without quotes).
But not like this:
encrypt("pass", info) ==> db
decrypt("pa" + keyfile, db) =/=> info
Nah. Doesn't matter if keyfile contains "ss".
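The following is an added example, not code from the thread or from KeePass itself. It models the composite master key formula Paul quoted from the KeePass security page (SHA-256(SHA-256(password), SHA-256(key file contents)), with a file of exactly 32 bytes used raw) and uses it to check the claim in the post above: a key file whose bytes equal the password yields the same key as the password alone, while splitting the input across password and file ("pa" + a file containing "ss") does not. The password-only and key-file-only branches are my reading of the quoted text (password only: SHA-256(password); key file only: the key-file key on its own) and are labelled as assumptions; real KeePass also runs further key-transformation rounds on this result before using it, which is left out here. It also adds the check a practitioner wants after Paul's "never change the file" warning: a recorded fingerprint of the key file that can be re-verified before trusting a copy, and it covers the edge case the post misses, where a 32-byte file is used raw and so does not match a 32-character password with the same content.

```python
import hashlib
from typing import Optional

# Added example (not KeePass's code): a model of the composite master key
# formula quoted from the KeePass security page in the thread above.
# Assumptions, labelled here because the quote only gives the "both" case:
#   password only   -> SHA-256(password)
#   key file only   -> the key-file key alone
#   both            -> SHA-256(SHA-256(password) || keyfile_key)
# Real KeePass runs further key-transformation rounds on this result before
# use; that step is left out of this model.


def keyfile_key(contents: bytes) -> bytes:
    """Key material contributed by a key file: exactly 32 bytes are used as-is,
    any other length is hashed with SHA-256 (the rule quoted in the thread)."""
    if len(contents) == 32:
        return contents
    return hashlib.sha256(contents).digest()


def composite_key(password: Optional[bytes] = None,
                  keyfile: Optional[bytes] = None) -> bytes:
    """Derive the 32-byte composite key from whichever sources are supplied."""
    if password is None and keyfile is None:
        raise ValueError("a password, a key file, or both are required")
    if keyfile is None:
        return hashlib.sha256(password).digest()
    if password is None:
        return keyfile_key(keyfile)
    return hashlib.sha256(hashlib.sha256(password).digest()
                          + keyfile_key(keyfile)).digest()


def interchangeable(password: bytes, keyfile: bytes) -> bool:
    """True when a password-only database could be opened with this key file
    alone (the situation described in the post above)."""
    return composite_key(password=password) == composite_key(keyfile=keyfile)


def keyfile_fingerprint(contents: bytes) -> str:
    """Hex SHA-256 of the key file. Record it when the database is created and
    re-check copies against it: any modified byte yields a different key."""
    return hashlib.sha256(contents).hexdigest()


def keyfile_intact(contents: bytes, expected_fingerprint: str) -> bool:
    """Verify a key-file copy against the recorded fingerprint."""
    return keyfile_fingerprint(contents) == expected_fingerprint


if __name__ == "__main__":
    # Constructed sample inputs; nothing here comes from a real database.
    print(interchangeable(b"pass", b"pass"))            # True: same bytes, same hash
    print(composite_key(password=b"pa", keyfile=b"ss")
          == composite_key(password=b"pass"))           # False: split input is a different key
    # Edge case from the quoted rule: a 32-byte file is used raw while a
    # 32-character password is hashed, so equal content gives unequal keys.
    print(interchangeable(b"A" * 32, b"A" * 32))        # False
    photo = b"\xff\xd8\xff\xe0" + b"constructed image bytes" * 4
    fp = keyfile_fingerprint(photo)
    print(keyfile_intact(photo, fp))                    # True
    print(keyfile_intact(photo[:-1] + b"\x00", fp))     # False: one byte changed
```

The fingerprint check is the practical takeaway from James's corrupted-image episode earlier in the thread: store `keyfile_fingerprint()` of the file alongside your backups and run `keyfile_intact()` on each copy before relying on it, so a silently altered or overwritten key file is caught before it locks you out.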
That's interesting! I stand corrected. :)
Best Regards,
Ian
Nope, I'm not using a keyfile. Although I have thought about it. But currently I'm trusting a proper, maybe too long, passphrase which gives enough security. Actually if you have a truly random long password, using a keyfile won't provide any additional security. (I don't know what kind of implementation has been used, it still might) (AFAIK)
I have used a high number of encryption iterations (over 1 million) to provide protection against brute force attacks.
I use a Key file.
I keep the DB on my PC/Laptop (Win/Ubuntu), backed up to jungledisk, and carry the key on a USB flash disk.
I have stashed the key in separate places, never with the database.
It is a bit of a nuisance at times to enter, but I think the security is worth it. I have been using an encrypted DB for my stuff for years, on PC/Palm/PPC.
It might be better, as another poster does, to keep the key on the machines and the DB on the removable disk; at least that way I would always be carrying a current set of passwords. However JD backs up on the hour so I don't think I have much to be concerned about there!!
Unless of course I lose the DB, which has the jungledisk login which is of course utterly impossible to remember as KeePass generated it!!