Securing your passwords in KeePass

Posted 12-04-2013 at 12:14 PM by sag47
Updated 12-04-2013 at 12:22 PM by sag47

The Linux port of KeePass is called KeePassX.

The following knowledge base article discusses the encryption mechanisms used to secure KeePass databases.

http://keepass.info/help/base/security.html

That's a good read and I highly recommend everyone read it. It tells you about mitigating brute-force attacks by modifying the number of hash iterations. It even has a little button that computes 1 second's worth of hashes automatically so that it takes one second to open the kdb and determine if the password is correct. Be aware that 1 second of calculations on your machine will not necessarily take 1 second on other machines.

By default the number of hash iterations to open a database is 6000. When I did the 1 second iteration calculation on my system that number changed to ~12m iterations. It's nothing to wait a second for your kdb to open but that time is an eternity for a brute force attacker.

I also combined a key with my password to make it stronger. I generated the key using dd.

Code:
dd bs=1 count=32 if=/dev/random of=./kittens.kdb

Be sure to create an MD5 or SHA-256 checksum of your key so that you can verify its contents at any time.

Code:
# SHA-256
sha256sum kittens.kdb > kittens.sha256.txt

# alternatively you could use MD5
md5sum kittens.kdb > kittens.md5.txt

Notice I named my key kittens.kdb to attempt to disguise it as a KeePass database (a lame form of steganography). You can mimic any format, but be aware that a 32-byte file will give it away as not being that format.
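The key-file steps above, gathered into two shell functions as an added example (not part of the original post): one creates the 32-byte key with owner-only permissions and records its SHA-256, the other checks size, mode and checksum later. The function names, the `.sha256` suffix and the optional second argument are assumptions made for this sketch, and the mode check relies on GNU `stat`.

```shell
#!/bin/sh
# Added example: create a 32-byte key file and verify it later.
# Function names and the ".sha256" suffix are assumptions for this sketch.

# make_keyfile KEY [SOURCE]: write 32 random bytes plus a checksum file.
make_keyfile() {
    key=$1
    src=${2:-/dev/random}            # same source as the dd command in the post
    if [ -e "$key" ]; then
        echo "refusing to overwrite $key" >&2
        return 1
    fi
    (
        umask 077                    # key and checksum are created mode 600
        dd bs=1 count=32 if="$src" of="$key" 2>/dev/null &&
        sha256sum < "$key" | cut -d' ' -f1 > "$key.sha256"
    )
}

# verify_keyfile KEY: return 0 only if size, mode and SHA-256 all match.
verify_keyfile() {
    key=$1
    if [ ! -f "$key" ] || [ ! -f "$key.sha256" ]; then
        echo "missing key or checksum file" >&2
        return 1
    fi
    size=$(wc -c < "$key" | tr -d ' ')
    [ "$size" -eq 32 ] || { echo "unexpected size: $size bytes" >&2; return 2; }
    mode=$(stat -c '%a' "$key")      # GNU stat, as shipped on Linux
    [ "$mode" = 600 ] || { echo "mode is $mode, expected 600" >&2; return 3; }
    want=$(cat "$key.sha256")
    have=$(sha256sum < "$key" | cut -d' ' -f1)
    [ "$want" = "$have" ] || { echo "checksum mismatch: key file changed" >&2; return 4; }
    return 0
}

# Usage: make_keyfile ./kittens.kdb && verify_keyfile ./kittens.kdb
```

Storing only the bare hash, rather than the `hash  filename` line that `sha256sum kittens.kdb` writes, keeps the check independent of the directory it is run from.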

I recommend that those who use KeePass to store passwords review this document and make an effort to properly secure their database. If you're not using KeePass to store passwords then start using it!

SAM