KeePass Database Security Choices

Topic

New Reply

Greetings All

In looking over my KeePass setup, under File/Database settings…, I noticed the Security Tab and the various entries there.  The two main choices are AES/Rijndael and Chacha20.  Each has various subsections that also can be modified.  Not that I have any state secrets to hide, but I would like to select the most secure options.  Any thoughts on what might be best would be greatly appreciated.

I currently have AES selected, with Argon2d as key derivation function, 4 iterations, 1GB memory, and 6 parallelism.  I also have no idea what any of those terms mean.

Casey H.

Reply | Quote

Replies

The other options are to use different encryption or adjust the settings of the encryption. They are available because they are the latest standards, but for most people they don’t add any extra security.

If you also use your database on a phone you may not want the newer standards, like Argon2, because the phone may not be able to open the database due to lack of processor/memory.

The one thing that you should do is use the “1 Second Delay”” button to let KeePass adjust the settings for you. Once you have done this you need to test opening the database on the phone to make sure it doesn’t take too long.

cheers, Paul

1 user thanked author for this post.

Casey H

Reply | Quote

Thanks Paul.  I don’t do anything sensitive on my phone, I just don’t understand the system well enough to be comfortable that I have sufficient safeguards in place.

Clicking the 1 second delay button changed my settings to 64 Mb Memory (from 1 Gb), Parallelism to 2 (from 6), and Iterations to 37 (from 4) . Clicking the test button, the test took 1.007 seconds, pretty much the same as with the original settings.  I only have a vague understanding of what that accomplished.  I made this change on my Desktop PC; I’m wondering what will happen with the same procedure on my Laptop.

Casey

Reply | Quote