So the extra strength comes from the fact the attacker needs your key file to complete the 256 bits. So the strength of the DB is the same, as long as you have a good password. If I understand this correctly, both ways, password only and password + key file, result in one 256-bit "key/hash".

The formula above then changes to: SHA-256(SHA-256(password), SHA-256(key file contents)). If the key file doesn't contain exactly 32 bytes (256 bits), they are hashed with SHA-256, too, to form a 256-bit key. the hash of the master password is concatenated with the key file bytes and the resulting byte string is hashed with SHA-256 again. When using both password and key file, the final key is derived as follows: SHA-256(SHA-256(password), key file contents), i.e. The random salt prevents attacks that are based on pre-computed hashes. no key file), the password plus a 128-bit random salt are hashed using SHA-256 to form the final key (but note there is some preprocessing: Protection against Dictionary Attacks). it is computationally infeasible to invert the hash function or find a second message that compresses to the same hash. This algorithm compresses the user key provided by the user (consisting of password and/or key file) to a fixed-size key of 256 bits. In order to generate the 256-bit key for the block ciphers, the Secure Hash Algorithm SHA-256 is used.

I've reread some of the documents of KeePass:

Using an SFTP server on my local network would work, but as far as I know it is too troublesome to access it from the Internet (no fixed IP) and I'd rather not open my local network at all to the Internet.

After this way too long intro my practical question is, does anyone know a good secure workflow for KeePass2 DB and key files for all my devices, desktops and mobile devices (iPhone/iPad)?

A solution where I don't need a lot of passwords to log in to services to get my passwords. My workflow now is insecure: both files are on Dropbox.
because those accounts are handled by iOS (at least if you want your mobile experience at least a bit easy). Once authenticated by iOS, generally anyone can access Dropbox, Google Drive etc. So only Cloud or Internet solutions can be used. Then I rebooted the iOS device and tested TouchID access, etc. My first idea was to use a USB/flash card with the key file, just like a regular key (and DB on Dropbox), but Apple does not like external storage devices. Open the file once in MiniKeePass, unlock the database once. The securest way to use KeePass is to separate the key file and the DB.
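The composite-key formulas quoted in the post above, as an added example that is not part of the original post and is not KeePass's own code. It follows only the quoted formulas, leaves out the salt and the dictionary-attack preprocessing the quote mentions, and uses constructed sample values; the names `key_file_part`, `composite_key` and `reproducible_from_wordlist` are hypothetical.

```python
import hashlib
import secrets
from typing import Iterable, Optional


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def key_file_part(contents: bytes) -> bytes:
    """Quoted rule: exactly 32 bytes are used as-is, anything else is hashed."""
    return contents if len(contents) == 32 else sha256(contents)


def composite_key(password: str, key_file: Optional[bytes] = None) -> bytes:
    """Password only: SHA-256(password).
    Password + key file: SHA-256(SHA-256(password) || key-file part).
    Simplification (assumption): no salt, no preprocessing rounds."""
    pw_hash = sha256(password.encode("utf-8"))
    if key_file is None:
        return pw_hash
    return sha256(pw_hash + key_file_part(key_file))


def reproducible_from_wordlist(target: bytes, wordlist: Iterable[str],
                               key_file: Optional[bytes] = None) -> bool:
    """True if some candidate password (plus the key file, if the party
    holding the database also holds it) reproduces the target key."""
    return any(
        secrets.compare_digest(composite_key(word, key_file), target)
        for word in wordlist
    )


# Constructed sample data, for illustration only.
WORDLIST = ["123456", "password", "letmein"]
KEY_FILE = secrets.token_bytes(64)      # not 32 bytes, so it gets hashed
WEAK_ONLY = composite_key("letmein")    # weak password, no key file
WEAK_PLUS_FILE = composite_key("letmein", KEY_FILE)

if __name__ == "__main__":
    # Both variants end up as one 256-bit value.
    print(len(WEAK_ONLY) * 8, len(WEAK_PLUS_FILE) * 8)
    # A weak password alone is reproducible from a wordlist.
    print(reproducible_from_wordlist(WEAK_ONLY, WORDLIST))
    # The same weak password is not, while the key file is stored elsewhere.
    print(reproducible_from_wordlist(WEAK_PLUS_FILE, WORDLIST))
    # If database and key file sit in the same place, the weak password decides.
    print(reproducible_from_wordlist(WEAK_PLUS_FILE, WORDLIST, KEY_FILE))
```

The last case is the one that matters for the workflow question: a key file kept next to the database contributes nothing once both are copied together.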