Securing your passwords in KeePass

Posted 12-04-2013 at 11:14 AM by sag47
Updated 12-04-2013 at 11:22 AM by sag47

The Linux port of KeePass is called KeePassX.

The following knowledge base article discusses the encryption mechanisms involved in securing KeePass databases.

That's a good read and I highly recommend everyone read it. It tells you about mitigating brute-force attacks by increasing the number of hash iterations. It even has a little button that computes 1 second's worth of hashes automatically, so that it takes one second to open the kdb and determine whether the password is correct. Be aware that 1 second of calculations on your machine will not necessarily take 1 second on other machines.

By default the number of hash iterations to open a database is 6000. When I did the 1 second iteration calculation on my system, that number changed to ~12m iterations. It's nothing to wait a second for your kdb to open, but that time is an eternity for a brute-force attacker.

I also combined a key with my password to make it stronger. I generated the key using dd.

dd bs=1 count=32 if=/dev/random of=./kittens.kdb

Be sure to create an md5 or sha256 checksum of your key so that you can verify its contents at any time.

sha256sum kittens.kdb > kittens.sha256.txt

# alternatively you could use MD5
md5sum kittens.kdb > kittens.md5.txt

Notice I named my key kittens.kdb to attempt to disguise it as a KeePass database (a lame form of steganography). You can mimic any format, but be aware that a 32-byte file will give it away as not being that format.
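The key-file steps above stop at writing the checksum. The following added example (not from the original post) wraps creation and later verification into two functions; the names make_keyfile and verify_keyfile, the RANDOM_SOURCE variable, and the `<key>.sha256` checksum filename are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: create a 32-byte key file, record its SHA-256, verify it later.
# Function names, RANDOM_SOURCE and the .sha256 suffix are illustrative assumptions.

RANDOM_SOURCE="${RANDOM_SOURCE:-/dev/random}"   # same source as the post's dd command

# make_keyfile PATH: write 32 random bytes to PATH and a checksum to PATH.sha256
make_keyfile() {
    key="$1"
    if [ -e "$key" ]; then
        echo "refusing to overwrite existing file: $key" >&2
        return 1
    fi
    (
        umask 077   # key and checksum are created readable by the owner only
        dd bs=1 count=32 if="$RANDOM_SOURCE" of="$key" 2>/dev/null || exit 1
        # Store the checksum relative to the key's directory so -c works later
        cd "$(dirname "$key")" || exit 1
        sha256sum "$(basename "$key")" > "$(basename "$key").sha256"
    )
}

# verify_keyfile PATH: succeed only if PATH is 32 bytes and matches PATH.sha256
# Returns 2 = file missing, 3 = wrong size, 4 = checksum mismatch
verify_keyfile() {
    key="$1"
    if [ ! -f "$key" ] || [ ! -f "$key.sha256" ]; then
        echo "missing key or checksum file" >&2
        return 2
    fi
    size=$(wc -c < "$key" | tr -d ' ')
    if [ "$size" -ne 32 ]; then
        echo "unexpected key size: $size bytes" >&2
        return 3
    fi
    ( cd "$(dirname "$key")" && sha256sum -c "$(basename "$key").sha256" >/dev/null ) || return 4
}
```

Keep a copy of the checksum file somewhere other than next to the key, since a checksum stored beside the file only detects accidental corruption, not deliberate replacement of both.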

I recommend that those who use KeePass to store passwords review this document and make an effort to properly secure their database. If you're not using KeePass to store passwords, then start using it!
