KDBX 4 File Format

<< < 1 2 3 4 5 > >> (Page 4 of 5)
  • Dominik Reichl

    Dominik Reichl - 2016-10-26

    When talking about password hashing, the authors of Argon2 primarily had servers in mind (where the server receives a password, hashes it and compares the hash with hashes stored in a database). Here, side-channel attacks (especially timing attacks) are very relevant, thus Argon2i is the better choice here.

    However, KeePass is a local application, not a server. In our scenario, it is likely that an attacker gets the database file of a user (e.g. due to the user storing his database file in a cloud service and an attacker gaining access to it). What we need is a strong defense against offline attacks (e.g. GPU-/ASIC-based attacks), and this is what Argon2d is for. In the case of KeePass, I consider a strong defense against offline attacks to be far more important than a defense against side-channel attacks.

    Best regards,

    PS: The development snapshots basically are beta versions. Maybe I'll make some release candidate, not sure yet.

  • Squeller

    Squeller - 2016-10-27

    Very interesting development. As for the Argon2 arguments, they will probably be a difficult thing for the end user. I agree we need a strong defense here in password hashing exactly for the mentioned case (attacker gets password database).

    I personally always set numbers to ~10 seconds computation time on my PC...

    I didn't know the Argon2 algorithm and currently try to find out in how far # iterations/memory affect computation time. Without knowing anything, I thought "memory" means "use of memory"-> more memory, shorter computation time, but the opposite is the case.
    I think some hint popups, or instant predictions (while changing numbers) would be helpful.

    Last edit: Squeller 2016-10-27
  • Alexander

    Alexander - 2016-11-01

    P.S. Dear Dominik, could you be so kind to add some heart icon to upcoming release?
    Users could use heart to mark favourite sites/folders and its presence will nudge towards love.

  • Dominik Reichl

    Dominik Reichl - 2016-11-01

    Most browsers use a yellow star icon for favorites, and KeePass already does have a yellow star icon, too (icon 61).

    I'm currently not planning to add a heart icon. If you need one, you can import one into your database.

    Best regards,

  • Justin

    Justin - 2016-11-19

    I looked at the page linked that lists changes in KDBX 4 and had a question about the "Plugins can now store custom data in entries and groups" part.
    Will it be possible to manage this custom data when the plugin is not available?
    Right now, if you use a plugin like the "Entry Templates for KeePass" plugin, the values created when using it are stored as String Values such as the Credit Card Template which uses the string value name "etm_num" for the Credit Card Number.
    If for some reason I can't load that plugin (such as not being compatible with new version of KeePass), I can just go to the "Advanced Tab" to view the "etm_num" value to get that info without the plugin loaded.
    If that plugin changes to use this "custom data" feature and there isn't a way to view those values without the plugin being loaded then I can't access that data at all.

  • Paul

    Paul - 2016-11-19

    You can view / delete the data from the Properties tab for entries and the Plugin Data tab for groups. You can't add or change the data.

    cheers, Paul

    • Justin

      Justin - 2016-11-21

      You can view / delete the data from the Properties tab for entries and the Plugin Data tab for groups. You can't add or change the data.

      Thanks for the info.
      I have not downloaded the development version of KeePass so I didn't know that was there.
      I had assumed that if the feature was there, that the linked document would mention that but I guess since the document is about the new format and not what the new software version's behavior is, then that makes since.

  • Julio Maranhao

    Julio Maranhao - 2016-11-30

    I don't know if KeePass database allows more than one method to open it. I know one can compose methods. For instance password + keyfile or, via plugin, password+ YubikeyChalengeResponse.

    If KeePass db is not designed to use some kind of slots idea (like LUKS) what do you (Reichl) think about implementing it in this new format? The main reason is if I use a hardware based 2FA like a smartcard or OTP or FIDO U2F and loose the hardware I cannot open the database anymore. With slots I could setup a 2nd or 3rd way to open the database by means of a super strong password and back it up for emergency.

    Did you make any discution about it already?

  • Paul

    Paul - 2016-11-30

    The issue is that the KeePass is encrypted by one key, so only one will decrypt. Having a second / emergency key would require a way to convert two keys into the same single key.
    I can see this done as a plug-in, but I doubt Dominik would want to change KeePass to allow this.

    A work-around for this would be to export the database and use KeePassNewKeyExport plug-in to change the master key.

    cheers, Paul

  • Dominik Reichl

    Dominik Reichl - 2016-11-30

    You already can develop plugins that allow opening a database using different keys. As an example, see the OtpKeyProv plugin. The primary way of opening a database is to enter one-time passwords, but you can alternatively switch to the recovery mode tab and enter the generator token's secret key. Another example are the certificate-based key provider plugins: a randomly generated key is protected using one or more certificates, allowing different users to open a database with their own certificates.

    I'm currently not planning to add slots for KDBX 4; maybe in the future.

    Thanks for the suggestion, best regards,

  • Julio Maranhao

    Julio Maranhao - 2016-12-01

    Thank you Paul and Dominik. My knowledge about these plugins is faulty. It seems that some of them already do what I want. And ultimately if it can be made by means of plugins them there's no need to change the base code. The plugin architecture is what I like more in KeePass2.


  • Alexander

    Alexander - 2016-12-03

    Dear Dominick, what do you think of PCG random generator?
    Comparison clearly states it is a winner among various niche solutions.
    Since you’re in the middle of major security update, perhaps it could be of use.

  • Dominik Reichl

    Dominik Reichl - 2016-12-04

    KeePass currently uses SHA-256/SHA-512 and Salsa20/ChaCha20 for generating secure random numbers. These are well-known cryptographic algorithms that are considered to be secure today.

    PCG does look interesting. However, it is rather new and it's questionable whether it's cryptographically secure. Secure random numbers are very important in the case of KeePass, and I prefer to use well-known algorithms here. Maybe in a few years, when researchers have thoroughly analyzed PCG and didn't find any weaknesses from a cryptographic point of view, I'll consider it again.

    Thanks and best regards,

  • kilayurak328

    kilayurak328 - 2016-12-30

    Dominik, can you please add an option to select the colors of the rows? (the color for when you click a row, and also for the alternating row colors)

    My eyesight isn't the best, and high contrast colors would be very useful. Thanks!

  • T. Bug Reporter

    T. Bug Reporter - 2016-12-31

    The highlight and regular background color are controlled by Windows; AFAIK the alternate row color is the only one of these controlled by KeePass - because Windows doesn't have a standard setting for this. I suppose a control for this could be added to KeePass - and probably should, in case the default color that KeePass uses happens to be too close to the one the user selected for the normal background.

    It's also possible (I haven't looked at the program code) that this color is already calculated to be a contrasting variant of the system background color - some programs do that, but I don't know if KeePass is built that way.

  • Dominik Reichl

    Dominik Reichl - 2017-01-01

    The alternate item background color is indeed computed dynamically (by lightening or darkening the regular background color, depending on whether this color is rather dark or light), with white being a special case where the alternate color is defined to be RGB(238, 238, 255).

    Anyway, I think it's a good idea to make this customizable by the user, and have now added an option for this (in 'Tools' -> 'Options' -> tab 'Interface').

    This is a global option; the KDBX file format has not changed.

    Here's the latest development snapshot for testing:

    The regular background color and the highlight effect are specified by the currently active Windows theme.

    Thanks and best regards,

  • T. Bug Reporter

    T. Bug Reporter - 2017-01-01

    I suggest you put some text on the button (e.g. the word "Select"); at first I mistook the blank button for a text entry field, and was wondering what to enter there. Also, text on the colored button would allow the user to preview how well the colors mesh.

    Also, does the checkbox translate to the mere presence or absence of <EntryListAlternatingBgColor>? (Just so I know.)

    Last edit: T. Bug Reporter 2017-01-01
  • Dominik Reichl

    Dominik Reichl - 2017-01-02

    Thanks for the suggestion. I didn't find any UI guideline related to color picker buttons, but various other applications (Internet Explorer, Firefox, Thunderbird, GIMP, Inkscape, WinMerge) also don't draw text on color picker buttons, so I think I'll leave it as it is. To reduce confusion with a textbox, I've made the button slightly smaller now.

    If the checkbox is turned off, there is no EntryListAlternatingBgColor. If the checkbox is turned on and a custom color has been selected, EntryListAlternatingBgColor stores the ARGB value (Int32) of the color (with the A part always being 255, as currently only opaque colors are supported).

    Best regards,

  • Alexander

    Alexander - 2017-01-11

    Dear Dominick, both 256/1/2 and 16/16/2 (iterations/MB/parallelism) takes ~0.6 seconds with Argon2 in place, but which variant is the better way to go and why?

  • Alexander

    Alexander - 2017-01-12

    Paul, that thread is kinda geeky like “let’s throw everything developers know about Argon2 into it”.
    Dominick possesses a valuable skill to boil down hard topics into easily grasped, concise ones.
    That’s why the question remains: 256/1/2 vs 16/16/2 ?

    Last edit: Alexander 2017-01-12
  • wellread1

    wellread1 - 2017-01-12

    RE: both 256/1/2 and 16/16/2 (iterations/MB/parallelism) takes ~0.6 seconds with Argon2 in place, but which variant is the better way to go and why?

    I believe you are asking the wrong question. The question is not which is "better" on the user's hardware, but which makes it more expensive (in time or other resources) to execute an effective large scale password attack. Attackers were able to accelerate cracking by migrating to dedicated ASICs or other hardware where very fast hashing can be accomplished with low amounts of memory. However the Argon2 specs paper notes in its introduction:

    "...these new environments are great when the computation is almost memoryless, but they experience difficulties when operating on a large amount of memory."

    Wheras the user is likely to work in a memory rich environment, it is currently very difficult for an attacker to scale the memory and memory performance to the levels needed to maintain the extremely high hashing rates required for effective password cracking.

    Last edit: wellread1 2017-01-12
  • Alexander

    Alexander - 2017-01-12

    So both 256i/1MB/2p and 16/16/2 are not optimal and I should increase MB, right? 1i/200MB/2p seems to do the job for the same 0.6 seconds then. However default settings (2i/1MB/2p) use more iterations than memory and Keepass advises to increase iterations without touching memory hence the confusion.

    Last edit: Alexander 2017-01-12
    • Gordon Paul

      Gordon Paul - 2017-01-12

      The advice from the research is:

      Run the scheme of type y, memory m and h lanes and threads, using different number of passes t. Figure out the maximum t such that the running time does not exceed x. If it exceeds x even for t = 1, reduce m accordingly.

      In KeePass terms this means:

      1. Select memory (in KeePass)
      2. Select parallelism (in KeePass)
      3. Determine how long (in your head) that you want KeePass to take to save/decrypt your database
      4. If when you press 'Test' it takes longer than the pre-determined time then reduce the memory expenditure even if your iterations are set to 1.

      1. Assume you want to slow an attacker down to around 1 guess every 5 seconds
      2. You choose: 2000 MB of memory, 8 cores and 1 iteration.
      3. After pressing 'Test' it takes 6 seconds.
      4. Because you've only got 1 iteration you must reduce the memory in order to make it meet your target of 5 seconds.
      5. You reduce the memory to 1700 MB.
      6. Your test completes in 4.7 seconds.
      7. Leave the settings as they are.

      1. Assyme you want to slow an attacker down to around 1 guess every 10 seconds

      2. You choose: 1000 MB of memory, 8 cores and 1 iteration
      3. After pressing 'Test' it takes 2.7 seconds.
      4. This is far too quick. You can either increase memory (up to 2 GB) or increase iterations.
      5. Let's increase the memory to 1500 MB.
      6. After pressing 'Test' it takes 4.15 seconds.
      7. This is still too quick.
      8. Let's increase the iterations to 2 leaving the other settings the same.
      9. It takes 7.8 seconds.
      10. Still too quick.
      11. Increase the iterations to 3.
      12. It takes 10.9 seconds.
      13. Too slow.
      14. Decrease the memory to 1380 MB leaving the other settings the same.
      15. It takes 9.9 seconds.
      16. Leave the settings as they are.

<< < 1 2 3 4 5 > >> (Page 4 of 5)

Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

No, thanks