Include WUA in "Remember key sources..." option
A lightweight and easy-to-use password manager
Brought to you by:
dreichl
Please expand the meaning of the "Remember key sources (key file paths, provider names,...)" to include the Windows User Account check box state. This option is a convenience option, and the security penalty for remembering the check box state is only 1 bit.
Good idea! I've implemented it.
In my opinion, this isn't really a security penalty (not even 1 bit). It's like with key files (where the key file contents need to be kept secret, not the file's location): the user account key data needs to be kept secret, not the information whether or not the user account is used. It's rather easy anyway to find out whether it's used or not (e.g. by inspecting the last access time of the 'ProtectedUserKey.bin' file).
Here's the latest development snapshot for testing:
http://keepass.info/filepool/KeePass_130227b.zip
Thanks and best regards,
Dominik
Thanks for pointing out the security is unaffected because WUA linkage can be inferred by inspection of the ProtectUserKey.bin file time stamp.
The development snapshot works great and makes using my autoopen database more convenient.