Do not use default options for the scrypt utility and keepass2!

Here is an example with more secure options:

$ sudo apt-get install scrypt
$ scrypt enc -M 1073741824 -t 200 secret.txt encrypted.scrypt

If you have several GB of free memory, you can increase the memory usage several times.

My tests confirm that the "-t" parameter is not working correctly: it takes less than 200 seconds to derive the key from your password.
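An added example (not from the original post) showing how scrypt's cost parameters map to the memory cap given to -M above, and how a calibration loop that respects both a memory limit and a time budget behaves; it uses Python's hashlib.scrypt, and the password, salt and parameter values are constructed for illustration.

```python
import hashlib
import os
import time


def scrypt_memory_bytes(n: int, r: int, p: int = 1) -> int:
    """Dominant RAM cost of scrypt: the 128*r*N byte V array.
    With r=8 and N=2**20 this is exactly 1073741824, the -M value used above."""
    return 128 * r * n


def largest_n_for_memory(max_mem: int, r: int = 8, p: int = 1) -> int:
    """Largest power-of-two N whose V array fits in max_mem (what -M constrains)."""
    n = 2
    while scrypt_memory_bytes(n * 2, r, p) <= max_mem:
        n *= 2
    return n


def derive_key(password: bytes, salt: bytes, n: int, r: int = 8, p: int = 1) -> bytes:
    """Derive a 32-byte key; maxmem is raised above OpenSSL's 32 MiB default so large N works."""
    return hashlib.scrypt(password, salt=salt, n=n, r=r, p=p, dklen=32,
                          maxmem=scrypt_memory_bytes(n, r, p) + 128 * r * (p + 2) + 1024 * 1024)


def time_derivation(password: bytes, salt: bytes, n: int, r: int = 8, p: int = 1) -> float:
    """Wall-clock seconds one derivation takes on this machine."""
    start = time.perf_counter()
    derive_key(password, salt, n, r, p)
    return time.perf_counter() - start


def calibrate(target_seconds: float, max_mem: int, r: int = 8, p: int = 1) -> int:
    """Largest N that fits in max_mem AND derives within target_seconds.
    The scrypt utility documents -t as *maxtime*, an upper bound on the time
    it will allow decryption to take, so a fast machine gets a larger N while a
    slow one gets a smaller N; the budget is never a guaranteed minimum."""
    n_cap = largest_n_for_memory(max_mem, r, p)
    salt = os.urandom(16)  # constructed; only used for timing
    n = 2
    while n < n_cap and time_derivation(b"calibration", salt, n * 2, r, p) <= target_seconds:
        n *= 2
    return n
```

Check the chosen N against an attacker's hardware, not just your own: the same N that takes seconds on a laptop is the fixed cost an attacker pays per guess, and a larger -M raises that cost more than a larger -t does.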


Learn more about key stretching.

Keepass2 has an option to specify how slow the KDF should be. Click on "1 second" and then add one zero at the end of the number (10 seconds). This will slow down opening the database. However, it will also slow down saving.

After I tried to open a database created by Keepass2 with KeepassX, I noticed that KeepassX opens the database much faster than Keepass2 (a fraction of a second compared to 10 seconds with KeePass2). This means that you get a false sense of security when your KDF hardness is set to 10 seconds (5701900 on my computer) with Keepass2, because with the most efficient algorithm it takes less than a second (I don't know how efficient the algorithm used by KeepassX is, but it is obviously very efficient compared to KeePass2).
