Security Query.

  • Nobody/Anonymous

    Re security.
    I have understood the security of your KeePass database file when it is on the hard disk or on a USB toggle, and that it is for all intents and purposes perfect.
    I would like to ask what the security position is when the information is displayed on the screen. If a Trojan or virus did have access to my computer and the information was on screen or minimised, would they have access to the passwords etc. while I am using the program?
    I find your program first class, but just have the worry that while I am working with the information it might be accessible.
    Would it then be considered that by placing the password on the KeePass one had violated a condition of internet banking?
    Please reply to my e-mail address as I am not quite sure how to access the Forum.

    • Tobias

      Tobias - 2008-12-15

      Hi Peter!

      Sorry, no private e-mail support.
      You can have a look at the security page from Dominik on:

      Generally it is always possible for an evil trojan / virus program to make a snapshot of your whole screen including everything which is displayed on it. That includes of course also passwords. So if you want ultimate security, a dedicated device with no access to the internet, which does nothing but "password storing" and is security certified is of course the tool of choice.

      As soon as you have a program running in parallel with other programs on the same device, sharing the same memory (= steal the password by finding a way to access the data),
      screen (= do a snapshot whenever the program is in the foreground),
      keypad (= just copy the whole database and run a keylogger to get the master key),
      you have the risk of the data being stolen.
      Manipulating the program or adding a backdoor to it, so that it uses a default password known to the hacker is also an option.

      So my 10 cents would be:
      - KeePass is ideal for storing your Browser, E-Mail, Forum passwords
      - Storing all your online banking passwords + TANs is most likely considered a "severe"
        security violation if things go completely wrong.

      So it is up to your own judgement how much you trust KeePass(PPC/SD) and your PC and how sensitive the data you wanna store in it should be.


