undefined | Better HN

0 pointskertoip_14y ago0 comments

> Keepass just stores everything in one encrypted .kdbx file

I've always wondered if this might be a potential vulnerability. If a file leaks some day and attacker gains an access to the file, he has infinite time to try to break a password and you cannot do anything about it. Using online password storage in theory could limit amount of login trials. Also, changing password in kdbx file has no effect as attacker still have physical access to previous file with previous password.

0 comments

7 comments · 4 top-level

staticassertion4y ago· 2 in thread

The nice thing with password managers is you only have to remember the one password. That means it's easy to make that password very strong. And then it just comes down to your key derivation.

https://keepass.info/help/base/security.html#secdictprotect

The documentation here is pretty unclear. I'm not a keypass user and I don't see what the default settings are. The recommendation though is "1 second" with Argon2 though, which seems like a good default.

I did a quick search, https://research.redhat.com/blog/article/how-expensive-is-it...

> cracking an eight-character passphrase [..] encrypted with Argon2 created on a modern laptop would require up to 75,121 powerful machines running for ten years and cost over 4 billion dollars.

So 8 characters with settings leading to ~2 seconds on a laptop (twice the recommendation from keepass) will cost 4 billion. So we can say 2 billion for 1 second (obviously we're hand waving a lot).

And that would still take 10 years.

So basically, if you have a government adversary who really fucking hates you and has a lot of time and money to kill just bruteforcing your volume, go ahead and add a few more characters and consider bumping up the setting to 5 seconds instead of 1. I think every character you add should (hand waving, data dependent) increase the search space by 10x.

kertoip_1OP4y ago

> The nice thing with password managers is you only have to remember the one password. That means it's easy to make that password very strong.

And the BAD thing about password managers is that you need to type that password every time you want to access your database. Of course you can set some strong, complicated password, but you need to remember it and you need to type it sh*tload of times :) But I see your point

proactivesvcs4y ago

Not true. You can have forgone a password. You can have a keyfile and put it on a USB stick. Use a hardware token (I use a Yubikey) or a combination, say keyfile + a short PIN.

Pooge4y ago· 1 in thread

> If a file leaks some day and attacker gains an access to the file, he has infinite time to try to break a password and you cannot do anything about it.

Yes, good point. However, in the database security settings, you can set a decryption time between 100ms and 5s. I've set mine at 5s; I don't mind waiting 5 seconds for it to open, yet it will greatly hinder an opponent's efficiency.

There's also an optional key file. It can be anything as long as it doesn't change. The attacker has to get it, too, or he's in for a serious ride.

kertoip_1OP4y ago

Thanks for tips, I didn't know about it. I need to try it out

gmuslera4y ago

If they access you device your side may be compromised (and a keylogger or cache inspector may defeat most password managers, offline or not).

And even if they get it because your online backup of it is leaky, it is encrypted using AES256 with a passphrase of whatever length you want to use, correct horse battery staple let you to generate complex enough and long, but memorable, passphrases. If your passwords are important enough to try to dedicate a lot of computer resources to break it, you can put a passphrase that can stand brute force attacks for centuries.

drdec4y ago

You seem to be ignoring the possibility that the server behind the online storage is hacked and some files downloaded for offline cracking.

When it comes down to it, everything is in a file somewhere.

j / k navigate · click thread line to collapse

0 comments

7 comments · 4 top-level

staticassertion4y ago· 2 in thread

The nice thing with password managers is you only have to remember the one password. That means it's easy to make that password very strong. And then it just comes down to your key derivation.

https://keepass.info/help/base/security.html#secdictprotect

I did a quick search, https://research.redhat.com/blog/article/how-expensive-is-it...

> cracking an eight-character passphrase [..] encrypted with Argon2 created on a modern laptop would require up to 75,121 powerful machines running for ten years and cost over 4 billion dollars.

So 8 characters with settings leading to ~2 seconds on a laptop (twice the recommendation from keepass) will cost 4 billion. So we can say 2 billion for 1 second (obviously we're hand waving a lot).

And that would still take 10 years.

kertoip_1OP4y ago

> The nice thing with password managers is you only have to remember the one password. That means it's easy to make that password very strong.

proactivesvcs4y ago

Not true. You can have forgone a password. You can have a keyfile and put it on a USB stick. Use a hardware token (I use a Yubikey) or a combination, say keyfile + a short PIN.

Pooge4y ago· 1 in thread

> If a file leaks some day and attacker gains an access to the file, he has infinite time to try to break a password and you cannot do anything about it.

There's also an optional key file. It can be anything as long as it doesn't change. The attacker has to get it, too, or he's in for a serious ride.

kertoip_1OP4y ago

Thanks for tips, I didn't know about it. I need to try it out

gmuslera4y ago

If they access you device your side may be compromised (and a keylogger or cache inspector may defeat most password managers, offline or not).

drdec4y ago

You seem to be ignoring the possibility that the server behind the online storage is hacked and some files downloaded for offline cracking.

When it comes down to it, everything is in a file somewhere.

j / k navigate · click thread line to collapse