The method suggested in the implementation PR is: dd if=/dev/urandom of=keyfile.key bs=2048 count=1 Whilst KeePassXC can generate them itself, they’re not long enough for my liking (They’re perfectly secure, I just like to be overkill!). The first step to change your key, is to generate a new key. This means rather than using a 45-bit key in an XML file, you can use any file of any size. The new key file format enables using any file as a key file for your database, rather than the XML format. Where before I used 20,000 rounds of PBKDF2, I now use just five rounds of Argon2, to ensure it opens in reasonable time on my phone. Using the 1-second benchmark button suggests using just 23 rounds. Argon2 is far more computationally intensive compared to PBKDF2. If you’re planning to use your database on less-powerful hardware, such as a phone, you’ll want to set the transformation rounds low. The settings I’m using for my database # Mobile These can both be done in the Encryption settings for your database (Database > Database Settings). To migrate to KDBX4, you must change the Encryption Algorithm to “ChaCha20”, and the Key Derivation Function to “Argon2”. Full technical information, and the exact changes can be found on the KeePass website, however it’s not necessary to actually know how it works. There are many format improvements, including support for Argon2, custom data in groups and file attachments to entries. KDBX4 is the latest version of the KeePass database format. There’s little canonical documentation on how to upgrade to use these features, so I’ve written my own! # KDBX4 These new features require some changes to the system, your database file, and browser.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |