A brute force attack starts by trying every character (A-Z, a-z, 0-9, symbols), then every two character combination (aa, ab, ac…), then every three character combination (aaa, aab, aac), and so on. The reason for introducing a delay is to slow down a brute force attack to the point it is unfeasible in this lifetime.
In fact it kind of feels good to be reminded the program is doing extra work to protect me. That is a delay I can live with each time I attempt to open my KeePass file. My setting is in the high 7 figures, and takes about one second. The default is 6000 which takes less than a millisecond for a modern CPU to churn through. The higher the N, the more time it takes your CPU to process through all the rounds of encryption. What it does is run the master key through N rounds of encryption before applying it.
This screenshot is of version 2.x, but 1.x also has this feature (minus the helpful one second delay button). The setting is called ‘Key Transformation’, accessible in KeePass under File > Database Settings… > Security. This helps make your KeePass file more secure by deterring dictionary and brute force attacks. Your KeePass file might not be as safe as you think, but it is easy to protect yourself with this simple settings change that does not require creating a new kdbx file.
0 kommentar(er)
