Ronny Witzgall

Then our experience with windows that pop up is different. The user then says: "I signed up!" "Why doesn't it work?"

Yes, I mean exactly the database. Not the XML file. When a user is won to unlock the database. E.g. by phishing, then the database is broken. And here KeyPass2 has simply shown that this is possible. So the KeyPass database is death.

One way could be for Dominik to return his key for signing. He receives a new key. All old installations or designs are rated with the risk "Very High".

It doesn't matter. Because in terms of safety, the chain is only as strong as the weakest link. And Keypass2 is the weakest link. Thus, the KeyPass database has been weakened. It is worthless, at least on Windows systems.

Of course, nobody prevents me from copying a portable version of KeyPass2 into the user context. When the "Enter password" window appears. Then the user certainly does not enter anything. Or maybe it is?

I have a question. Are Keypass2 and KeypassXC compatible with the database? If the answer to the question is yes. Then the database format they both use is death. Because nobody will prevent me from copying an old Keypass2 installation with the appropriate settings into a KeypassXC installation.