Securing your passwords in KeePass
The Linux port of KeePass is called KeePassX.
The following knowledge base article discusses the encryption mechanisms involved with securing keepass databases.
http://keepass.info/help/base/security.html
That's a good read and I highly recommend everyone read it. It tells you about mitigating brute force attacks by modifying the number of hash iterations. It even has a little button that computes one second's worth of hashes automatically, so that it takes one second to open the kdb and determine whether the password is correct. Be aware that 1 second of calculations on your machine will not necessarily take 1 second on other machines.
By default the number of hash iterations to open a database is 6000. When I did the 1 second iteration calculation on my system that number changed to ~12m iterations. It's nothing to wait a second for your kdb to open but that time is an eternity for a brute force attacker.
I also combined a key with my password to make it stronger. I generated the key using dd.
Code:
dd bs=1 count=32 if=/dev/random of=./kittens.kdb
Be sure to create an md5 or sha256 checksum of your key so that you can verify its contents at any time.
Code:
# SHA-256
sha256sum kittens.kdb > kittens.sha256.txt
# alternatively you could use MD5
md5sum kittens.kdb > kittens.md5.txt
Notice I named my key kittens.kdb to attempt to disguise it as a keepass database (a lame form of steganography). You can mimic any format, but be aware that a 32 byte file will give it away as not being that format.
I recommend that those who use keepass to store passwords review this document and make an effort to properly secure their database. If you're not using keepass to store passwords then start using it!
SAM
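As an added example (not code from the post or from KeePass), the dd-plus-checksum workflow above wrapped into two shell functions: one creates the 32-byte key file and records its SHA-256, the other verifies the file later with sha256sum -c, so a damaged or swapped key file is caught before you start wondering whether you forgot your master password. Function names, the temporary directory and the use of /dev/urandom are my choices.

```shell
#!/bin/sh
# Added example, not from the original post: create a 32-byte KeePass key file,
# record its SHA-256 and verify it later. The key file name follows the post's kittens.kdb.

# make_keyfile DIR NAME: write 32 random bytes and record their checksum beside them.
make_keyfile() {
    dir=$1; name=$2
    # /dev/urandom rather than the post's /dev/random so this never blocks;
    # on current Linux kernels both read from the same pool once it is seeded.
    dd bs=1 count=32 if=/dev/urandom of="$dir/$name" 2>/dev/null || return 1
    # Refuse a short file: a partial read would silently weaken the key.
    [ "$(wc -c < "$dir/$name")" -eq 32 ] || return 1
    # Record the checksum with a relative path so "sha256sum -c" works later.
    ( cd "$dir" && sha256sum "$name" > "$name.sha256.txt" )
}

# verify_keyfile DIR NAME: exit 0 only if the key file still matches its recorded checksum.
verify_keyfile() {
    dir=$1; name=$2
    ( cd "$dir" && sha256sum -c --status "$name.sha256.txt" )
}

# Demonstration: an intact key file verifies, a modified one does not.
demo=$(mktemp -d)
make_keyfile "$demo" kittens.kdb && verify_keyfile "$demo" kittens.kdb && echo "key file intact"
printf 'x' >> "$demo/kittens.kdb"   # simulate corruption or an accidental edit
verify_keyfile "$demo" kittens.kdb || echo "key file changed: do not trust it"
rm -rf "$demo"
```

Keep the checksum file somewhere other than next to the key file itself if you want it to survive whatever damages the key; the verify step only needs the two files in the same directory at check time.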