KeePassXC will generate 128 random bytes. What key file to useĪgain, something sufficiently long and random will do. It adds very little extra protection at the expense of perhaps making your life harder and giving you a false impression of being better protected. Obfuscation is often a weak, deceiving layer of protection, and depending on your threat scenario may as well be avoided. The password on the other hand is there as a barrier when someone has all the physical means of getting into your personal stuff. The idea of the key file is to have something that is impossible to guess and is physically separated from someone doing the attack. But most likely, opening KeePassXC would directly provide the path for the key file up front as it is usually already filled in.
Once the thief in Scenario 2 is in your house, he or she could simply try all the files on your computer (and perhaps use some computer forensic trickery to speed up the search). Whether the key file should be "hidden" is only a matter of obfuscation. Using a key file and password would address both scenarios above. Here a password would have stopped the thief. Scenario 2 (no password, only key file)Ī thief breaks into your home, opens your computer and unlocks your KeePassXC database with your key file. With a key file, only "half" your password has been picked up by the key logger. Another classic scenario is where a key logger has been used to obtain your password. Had you instead also used a key file (that has never been uploaded to Dropbox) the rogue Dropbox employee would be sitting with only "half" your password, hence cannot unlock your database. This perpetrator could simply unlock your database with the password. Suppose you store your KeePassXC database in Dropbox and a rogue Dropbox employee has managed to get hold of your password (or been lucky guessing it right). Here are two such scenarios: Scenario 1 (only password, no key file) The reason for doing so is that it will address various scenarios where a password alone or a key file alone would fall short. The purpose of the key file is simply to "automatically" tack on some extra characters to your password. KeePassXC can generate a key file for you and it will be a sequence of 128 random bytes. That is, if it is a 4 MB large JPEG file it will still be hashed down to a few number of bytes (in comparison to the 4 MB file). The contents of the key file will be hashed anyway before being used together with your password. As long as the key file is sufficiently long and difficult to guess, anything goes.
0 kommentar(er)
