5

How secure is KeePass KDBX4 by default if someone obtain the .kdbx file and attempt to brute-force it without knowing any hint of the master password?

With assumption :

  1. The password length is equal/more than 20 character
  2. Password is chosen from a book and tweaked (by change some alphabet into number)
  3. Database file encryption algorithm (default option) : AES/Rijndael (256-bit key, FIPS 197) as

  4. Parameter for Key transformation (default parameter) :

    • Key derivation function : Argon2
    • Iterations : 2
    • Memory : 1 MB
    • Parallelism : 2

P.S. i know there's similar question at How difficult to crack keepass master password?, but it was created before KDBX4 released

P.P.S. parameter above is default parameter generated by KeePass 2.42.1

ilos-vigil
  • 53
  • 7
  • Looks like KDBX4 uses Argon2 while KDBX3.1 uses AES-KDF, [Here](https://keepass.info/help/kb/kdbx_4.html) they say it is to protect better against bruteforce attack, specially GPU based ones, so I would guess it is harder if their Argon2 implementation is not flawed (have not checked, linked also in my link). – bradbury9 Aug 13 '19 at 08:37
  • If you want to avoid your question being closed, you should reformulate it to ask for advice on how to choose good parameters and a good passphrase to protect your KDBX4. Currently, you are asking how to break a specific database, and that's against the rules here. – A. Hersean Aug 13 '19 at 09:14
  • 2
    If you are trying to crack a password that is 20+ characters long, I suggest you first find a cure against dying from old age, because this will take a while. –  Aug 13 '19 at 10:13
  • 3
    How in the world is this off-topic for the reason stated? I can't imagine how a question asking "Is X secure as described?" is somehow a question attempting to break the security of a specific system without showing an understanding of the concepts involved. The question isn't "hai guise pls crack these codez for me kthxbye". – forest Aug 14 '19 at 23:31

1 Answers1

2

KDBX4 can now use Argon2 which is the state-of-the-art in password derivation.

The difficulty to guess the password of a KDBX4 database depends on:

  • The chosen Argon2 parameters, which are poorly advised by Keepass, but still better than the previous AES-KDF. The parameters you describe are very poorly chosen, they will not strengthen by much the resistance of the password.
  • How well was chosen the master password. From what you describe, the password is vulnerable to a dictionary attack.

To summarize, the confidentiality of this database is probably breakable with enough resources (including an appropriate dictionary) in a reasonable amount of time. A proper estimate of the time and financial cost is out of scope here.

A. Hersean
  • 10,046
  • 3
  • 28
  • 42
  • Can you clarify "the process used to build passwords"? Does it mean whether i use secure random function or not? – ilos-vigil Aug 13 '19 at 08:49
  • @ilos-vigil You described constraints on the passwords, but those are useful only if your password is uniformly randomly generated, because then the best attack is brute-force. If the passphrase is generated by a human, to be remembered, which is most likely the case for a master password, then the process used to generate it is needed to *estimate* its strength. If it's generated with diceware, it's strength can be calculated. If it's a (tweaked) phrase from a book, a dictionary attack can be used, making the password extremely weak, even though it complies with your constraints. – A. Hersean Aug 13 '19 at 09:08