It's funny you explained HMAC while not even knowing what HOTP stands for... I don't think it's practical for an HMAC. I am sorry if you felt insulted in any way by my explanations. This clearly wasn't my intention and I beg your pardon if it came out wrong on my end. This wasn't my intention. Please also note that I am neither a native English speaker, nor a crypto expert. The latter one is the reason why I came here, to discuss my idea with others who might know more about cryptography than I do....
Thanks for your answers. I hope I can shed more light on some of them and help understand my proposal better. Changing KeePass to remove the print / export / trigger functions seems to be an easier option for a super secure version. I do not see how this would change security on a compromised system. It would only make an attack a bit more complex or just different, e.g. by grabbing the master key instead of dumping the database through the UI or the OS. This assumes you are protecting against a KeePass...
Hi, for a while now I have owned some physical security tokens (different YubiKey 5s) and I'd like to improve my KeePass security using them. I've had a look at some plugins that seem to do this (KeeChallenge, MultiCipher) and noticed that they "only" try to extend the master password's security. While this seems like the simplest thing to implement, it still leaves the complete database more or less unprotected in memory after it has been unlocked once. Also, the token isn't required any more for further interactions...