-1
Does KeePass have permanent inner key to encrypt data? Or the key for encryption is a password (and keyfile)? On some website I've run eyes over the discusstion about ways to hack KeePass base. One of assumptions was that there are two ways: one to bruteforce the passphrase and other was about to bruteforce the encrypted masterkey. Is there is really permanent inner master key for data encryption?
2it is open source, so everyone that cares can read the source code. If there is a master key in the source code, it would be public, and make the whole thing useless. – Aganju – 2016-07-16T16:03:19.593
I mean master key which can be generated once at password base creation and is encrypted by user password (and keyfile). – Cryptor – 2016-07-16T16:23:29.283
That is what happens by default.... – Ramhound – 2016-07-16T16:30:51.570
I don't understand... Do you mean that when password base is created, the master key is generated? If so is there a way to force KeePass change master key and re encrypt the base when changing user password? Imagine the situation when someone finds out the password, retreives master key. But base owner doesn't know about it and simply keep changing password base once in some period of time... Things aren't good then... – Cryptor – 2016-07-16T16:51:16.683