KeePass: use a key file or a regular password?

I'm setting up a KeePass database and it offers the ability to use a key file, which it says is more secure because it can use a longer and more complex password but is easier to break because you only need the key file to open the database. I'll only be using the key file on 2 computers (one desktop and one laptop), wo which is the best option?

Note that it's definitely more appealing to use the key file for me because i have a hard time remembering anything close to a random password.

RCIX

Posted 2009-08-14T02:16:19.013

Reputation: 5 415

Answers

Regarding the ability to use 'key files' with KeePass.

In order to generate the 256-bit key for the block ciphers, the Secure Hash Algorithm SHA-256 is used. This algorithm compresses the user key provided by the user (consisting of password and/or key file) to a fixed-size key of 256 bits. This transformation is one-way, i.e. it is computationally infeasible to invert the hash function or find a second message that compresses to the same hash.

The recently discovered attack against SHA-1 doesn't affect the security of SHA-256. SHA-256 is still considered as being very secure.

(there is another recent update, but I think such news are not relevant here).
To the point at hand,

Key Derivation:
If only a password is used (i.e. no key file), the password plus a 128-bit random salt are hashed using SHA-256 to form the final key (but note there is some preprocessing: Protection against Dictionary Attacks). The random salt prevents attacks that are based on pre-computed hashes.

When using both password and key file, the final key is derived as follows: SHA-256(SHA-256(password), key file contents), i.e. the hash of the master password is concatenated with the key file bytes and the resulting byte string is hashed with SHA-256 again. If the key file doesn't contain exactly 32 bytes (256 bits), they are hashed with SHA-256, too, to form a 256-bit key. The formula above then changes to: SHA-256(SHA-256(password), SHA-256(key file contents)).

If you think your password is going to be a bit weaker (and better for your memory),
the key file is a good second factor.
So, use both (together).

nik

Posted 2009-08-14T02:16:19.013

Reputation: 50 788

I keep my key file on a LUKS usb drive, so I need a passphrase to open the usb drive but then only the keyfile to open my passwd db on my laptop. Even if the usb somehow gets stolen with my computer the keyfile is still LUKS encrypted. But that scenario is not as likely as someone simply stealing either one or the other (computer or usb drive), neither of which on its own is any good to anyone, as far as cracking my passwd db. – nanker – 2017-02-11T12:20:39.980

I'd take a look at Steve Gibson's commentary on the matter: http://www.grc.com/sn/sn-182.txt

– jasonh – 2009-08-15T08:12:11.320

@jasonh, Wow! you vote me down for suggesting two-factor security, with a Gibson interview reference you have taken from his own site (yeah, I've heard Leo before, fine). Please add your points here as a new answer so people can benefit. – nik – 2009-08-15T08:32:10.670

@jasonh, Did you actually read the parts in bold? – nik – 2009-08-15T08:45:52.313

7Yes, I did. I understand having a second factor, but it's useless here. The keyfile would be kept virtually with the password database itself if you're a mobile user. If you lose control of the database, you've probably lost control of the key file too. As Steve Gibson notes, a key file isn't giving you much additional security, if any. – jasonh – 2009-08-16T03:14:52.217

2A second factor is useful in the example of the PayPal football. In this case you have a physical device and a password. If your password becomes compromised, there is no reason to believe that your football is missing at the same time by default. In comparison, when the goods are a password database and the securing mechanism is simply another file that resides alongside the database itself, what good is it? None. – jasonh – 2009-08-16T03:16:25.457

@jasonh, I read your comments quite late. But, understood your contention. My expectation is that the key file is either not carried with the DB or is encrypted separately. I agree to the weakness of carrying it in clear with the DB -- the second-factor will be lost. – nik – 2009-09-20T06:21:18.497

2+1 for the use key file and master password. So even if they get the db and key file you just have to remember 1 long password. They cannot hack brains yet so get some torture resistance training instead. – Piotr Kula – 2013-01-16T10:03:40.357

Actually, hacking brains is usually how it is done. I can guess your password, because it is obvious. – ctrl-alt-delor – 2014-01-05T19:33:21.513

The whole point is to keep your passwords secure, so this is a no-brainer: password. If you use a key file and you lose control of your password database, your passwords are all exposed.

jasonh

Posted 2009-08-14T02:16:19.013

Reputation: 2 967

4You are always going to be at risk if you store your 'password' somewhere (be it on a sticky note or as a key file). So long as you keep the password in your head (and it is complex enough) then you should be better off. – Sam – 2009-08-14T02:30:56.353

1When using both password and key file, the final key is derived as follows: SHA-256(SHA-256(password), key file contents). Access to file alone is useless. But, knowledge of the password without the file contents makes breaking it more difficult. And, the file also adds a strong salt to your password. – nik – 2009-08-15T08:38:14.717

Use both. Keep your key file in your flash drive and bring it allways with you. But not somwhere on desktop (it is the same as writing password on sticky notes). I'm using this way to my encrypted HDD partition (with truecrypt). So if anybody still somehow get your password, they need keyfile too.

Pawka

Posted 2009-08-14T02:16:19.013

Reputation: 561

1Just make sure to have a backup of your keyfile, as well as the password database itself. If either one of them ever gets corrupted you will need a fresh backup. – Torbjørn – 2009-09-04T04:15:10.433

For a newbie to password management:
Password only
Why?
It cuts your file (mis)management concerns in half and limits it to just one file.
A KeepassX .kdbx db can be secured with a mixed 64 character password. That's plenty of scope to create a long, secure password.
This helps to underline that the (strong) password (in your head) is your primary focus (not where you kept the keyfile etc.).
If you have trouble remembering passwords (of course, we all do) use a password manager (like KeepassX) and you'll only have to remember one good strong one.

dotnetspec

Posted 2009-08-14T02:16:19.013

Reputation: 1

1This doesn't answer the (very specific) question that was asked. – Mokubai – 2017-06-14T06:27:11.173

-1

I have opted for key file use. I have a also created a an email account used specifically to store my keyfile (I do not like hanging around witha USB flash each time I want to access my e-banking account for instance).

If the computer I am using is not my personal one, I simply log in to that email account on the computer I would like to use the key file, then log in to yet another email account which has the most recent version of my .kdbx file.

Lastly, I download KeePass and install it on the PC, use the key and .kdbx along with my Database password and that's it!

Of course, I wipe off both the .kdbx and key file on the PC used.

Roger Johnson

Posted 2009-08-14T02:16:19.013

Reputation: 35

1Yeah pretty useless and most suredly dangerous; especially the part about simply opening your password file on a computer that "is not my personal one." Sheesh. Bad bad as in I can't express how very bad this practice is. I have a work laptop that goes everywhere with me and so while being convenient, because other people (as in IT dept.) "maintain" it, I don't even trust that to store or even open my personal password db on. – nanker – 2017-02-11T12:13:49.343

@nanker how do you use your personal password db on your work laptop then? Do you have both the keyfile and database on a usb key? – RED_ – 2017-03-21T16:05:14.617

2@RED_ I don't ever open my personal keepass DB on my work laptop, no matter how convenient it may seem to be at times. The laptop is pretty loaded for my day-to-day routines and although I have previously tried to determine what all the service running on the laptop are I haven't yet been able to nail them all down. So I can't and don't trust it enough to open my keepass DB on. Call me paranoid I guess, but I feel I am in an informed, happy place as far as my password security goes. – nanker – 2017-03-21T19:32:12.083

10I would consider this bad security practice on many levels. – kluka – 2013-08-13T12:12:44.130