Passwords Protection
While KeePass is running, your passwords are stored encrypted in process memory. For this, the ARC4 encryption algorithm is used with a random, 12-byte key.
This means that even if you dumped the whole KeePass process memory to disk, you could not find the passwords (at least not in plain text). Note that this only applies to the password field, not to the user names, etc., for performance reasons.
When you copy a password to the clipboard, for example, KeePass first decrypts the password field, copies it to the clipboard and immediately re-encrypts it using the random key.
Additionally, KeePass erases all security-critical memory when it is no longer needed, i.e. it overwrites these memory areas before releasing them (this applies to all security-critical memory, not only the password field).
Locking the Workspace
Locking the workspace closes the database file, and remembers the last view settings (i.e. which group and entries you selected, list position, etc.).
This provides maximum security: unlocking the workspace is as hard as opening the database file the normal way. It also prevents data loss (your computer can crash while KeePass is locked without doing any damage to the database).
Plugins Security
Separate pages exist about the security of plugins: Plugin Security (KeePass 1.x), Plugin Security (KeePass 2.x).
Self-Tests
Each time you start KeePass, the program performs a quick self-test to check whether the block ciphers and the hash function are compiled correctly and pass their test vectors. If one of the algorithms does not pass its test vectors, KeePass shows a security exception message box at startup.
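The two mechanisms described above, in-memory protection of the password field (ARC4 under a random 12-byte session key, decrypted only for the moment of use and wiped before release) and the startup test-vector self-test, can be shown together in one small C program. This is an added example written for this page, not KeePass's own code; the function names, the protected_str type, the /dev/urandom seeding and the sample password are assumptions made for the example. The self-test uses the widely published RC4 test vectors (key "Key"/"Wiki"/"Secret"), and ARC4 appears here only because it is the cipher the page describes.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not KeePass code: a minimal in-memory "protected string"
 * modelled on the behaviour the page describes, plus a startup self-test. */

#define SESSION_KEY_LEN 12              /* page: random, 12-byte key */
static uint8_t g_session_key[SESSION_KEY_LEN];

/* Overwrite memory through a volatile pointer so the compiler cannot drop
 * the "dead" stores the way it may with a plain memset() before free(). */
static void secure_wipe(void *p, size_t n)
{
    volatile uint8_t *v = (volatile uint8_t *)p;
    while (n--) *v++ = 0;
}

/* RC4/ARC4 applied in place: the same call encrypts and decrypts. */
static void arc4_xor(const uint8_t *key, size_t klen, uint8_t *buf, size_t n)
{
    uint8_t S[256];
    unsigned i, j, t;
    for (i = 0; i < 256; i++) S[i] = (uint8_t)i;
    for (i = 0, j = 0; i < 256; i++) {                 /* key scheduling */
        j = (j + S[i] + key[i % klen]) & 0xff;
        t = S[i]; S[i] = S[j]; S[j] = (uint8_t)t;
    }
    i = j = 0;
    for (size_t k = 0; k < n; k++) {                    /* keystream XOR */
        i = (i + 1) & 0xff;
        j = (j + S[i]) & 0xff;
        t = S[i]; S[i] = S[j]; S[j] = (uint8_t)t;
        buf[k] ^= S[(S[i] + S[j]) & 0xff];
    }
    secure_wipe(S, sizeof S);   /* the state table reveals the key too */
}

/* Session key: fixed seeding for tests, /dev/urandom (assumed POSIX) otherwise. */
static void session_key_set(const uint8_t key[SESSION_KEY_LEN])
{
    memcpy(g_session_key, key, SESSION_KEY_LEN);
}

static int session_key_random(void)
{
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return 0;
    size_t got = fread(g_session_key, 1, SESSION_KEY_LEN, f);
    fclose(f);
    return got == SESSION_KEY_LEN;
}

typedef struct { uint8_t *ct; size_t len; } protected_str;

/* Keep a copy of the password encrypted under the session key. */
static int protected_set(protected_str *ps, const char *plain)
{
    ps->len = strlen(plain);
    ps->ct = malloc(ps->len ? ps->len : 1);
    if (!ps->ct) return 0;
    memcpy(ps->ct, plain, ps->len);
    arc4_xor(g_session_key, SESSION_KEY_LEN, ps->ct, ps->len);
    return 1;
}

/* Decrypt into a caller buffer (NUL-terminated); the caller must wipe it. */
static size_t protected_reveal(const protected_str *ps, char *out, size_t outsz)
{
    if (ps->len + 1 > outsz) return 0;
    memcpy(out, ps->ct, ps->len);
    arc4_xor(g_session_key, SESSION_KEY_LEN, (uint8_t *)out, ps->len);
    out[ps->len] = '\0';
    return ps->len;
}

static void protected_free(protected_str *ps)
{
    secure_wipe(ps->ct, ps->len);   /* overwrite before releasing */
    free(ps->ct);
    ps->ct = NULL; ps->len = 0;
}

/* The "copy to clipboard" pattern: plaintext lives only in this stack
 * buffer, only for the duration of the call. Here the "use" is a length. */
static size_t use_password_once(const protected_str *ps)
{
    char tmp[256];
    size_t n = protected_reveal(ps, tmp, sizeof tmp);
    /* ... hand tmp to the clipboard / auto-type here ... */
    secure_wipe(tmp, sizeof tmp);
    return n;
}

/* Startup self-test against published RC4 vectors; 1 = all pass, 0 = fail. */
static int arc4_self_test(void)
{
    static const struct { const char *key, *pt; const uint8_t ct[14]; } v[] = {
        {"Key",    "Plaintext",      {0xBB,0xF3,0x16,0xE8,0xD9,0x40,0xAF,0x0A,0xD3}},
        {"Wiki",   "pedia",          {0x10,0x21,0xBF,0x04,0x20}},
        {"Secret", "Attack at dawn", {0x45,0xA0,0x1F,0x64,0x5F,0xC3,0x5B,0x38,
                                      0x35,0x52,0x54,0x4B,0x9B,0xF5}},
    };
    for (size_t k = 0; k < sizeof v / sizeof v[0]; k++) {
        uint8_t buf[32];
        size_t n = strlen(v[k].pt);
        memcpy(buf, v[k].pt, n);
        arc4_xor((const uint8_t *)v[k].key, strlen(v[k].key), buf, n);
        if (memcmp(buf, v[k].ct, n) != 0) return 0;
    }
    return 1;
}

int main(void)
{
    if (!arc4_self_test()) { fputs("security exception: ARC4 self-test failed\n", stderr); return 1; }
    if (!session_key_random()) return 1;
    protected_str ps;
    protected_set(&ps, "correct horse battery staple");   /* constructed sample */
    printf("used %zu chars; at rest the heap holds only ciphertext\n", use_password_once(&ps));
    protected_free(&ps);
    return 0;
}
```

The point of the design is the one the page makes: a memory dump taken while the program is idle contains the session key and ciphertext, not the password itself, and every plaintext copy is scoped to a single call and wiped on the way out. The self-test runs before any key material is generated, so a miscompiled cipher aborts startup rather than silently "protecting" data with a broken primitive.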
Security - KeePass
References and Further Reading
[1] National Institute of Standards and Technology: Report on the Development of the Advanced Encryption Standard (AES) (PDF).
[2] Bruce Schneier's blog: SHA-1 broken.
[3] Bruce Schneier's blog: Cryptanalysis of SHA-1, with comments about the impact of that discovery and what to do now.
On Fast Track with Dr. Ashok Koparday
Posted by Unknown at 11:33 PM, Sunday, January 11, 2009
Labels: Advanced Encryption Standard, Bruce Schneier, cryptography, Encryption, KeePass, National Institute of Standards and Technology, Password, Security, SHA hash functions