Thank you Mr. Reichel. (I'm going to try it out)
It is necessary to wait and see whether there will be a fix in the new version of KeePass or not. Either publicly or quietly. And then we'll see what's happening with KeePass. The problem is clear, everything has been said at the beginning of this thread, the only one who can push it further is the author himself. In the worst case there is a possible way, namely KeePass 1.x, but the DB is not fully compatible. I don't suppose the author will implement a triggering system in this version as well. ;)
I am convinced that the author of KeePass knows and is well aware of all that we have written here. Now it's just a matter of whether he can publicly admit it and implement a fix, or whether KeePass will fade into obscurity and eventually be flagged as a potentially exploitable application in all malware databases. I understand that this is a hard decision. One more note - I am of the opinion that most of the users have been using KeePass for years and not other applications with a similar label...
Exactly. There will be hundreds of scenarios like this.
Then I hope that in all the years you have been using KeePass you have never used it on a PC where there is an admin account other than yours, because you would probably never notice that your data is no longer just yours... And yes, what you say would be the way I think the situation should go. Perhaps the author of the application himself will change his mind. I hope so.
Yes, I can imagine that quite easily and no, it's not really the same. To get the data from all the KeePass DBs on the network he manages (he has admin access to all the PCs), all he needs now is a notepad. No one will know anything, everything will be done in the background, it is enough if he waits a while... This is so easy, incomparably easier than what you mentioned. Why replace KeePass with your own code to get the data, to deal with signing, antispam, etc., when the existing KeePass application...
Yes, that's true, it won't increase security (maybe it will make it a bit more complicated). We can try to talk about it, maybe it will move the discussion a bit, because I still think this is a problem to be solved, not that it isn't. Let's stay with the example I mentioned, where there is another admin account on the PC, i.e. a PC on the company network. The administrator of such a PC can quietly export data from the KeePass database without any effort, without knowing the master key and without...
So it would be enough if at least these, if not all, settings were inside the database and not in an external XML file.