
Comments (3)

keepassium commented on July 4, 2024

What is the benefit of a separate password for each field, as compared to a passcode for the app + database password?


keepassium commented on July 4, 2024

Your description/terminology differs a bit from the standard terminology of the KeePass ecosystem, so there is still quite some space for misunderstanding left. For instance: there is no metadata; the master key is used for encrypting the database file as a whole; without the master key, there is only an encrypted binary blob of a file.

But we can pretty much stop at the premise:

Imagine this scenario: some background process could be cloning my cell phone.

What exactly do you mean by "cloning my cell phone"?

If there is a background process that copies device files to a cloud — which process is otherwise known as iCloud Backup — this is not an issue. Database files are always encrypted and completely useless without the master key.

If you mean a background iOS process that makes a memory (RAM) dump of the device — well, the game is over. If you expect a malicious iOS process capable of running in the background for a long time, breaking out of its sandbox, and accessing physical memory of another process — this is a multi-combo of three major vulnerabilities. For threat actors of this level, you would need completely different tools (air-gapped devices, one-time pads, underground bunkers, etc.)


stokebreakup commented on July 4, 2024

What is the benefit of a separate password for each field, as compared to a passcode for the app + database password?

Good question. Imagine this scenario: some background process could be cloning my cell phone. How can I prevent people from accessing other information even with a full copy of the key stored on my device?

If there is an individual password for each field, this means that even if they copy my key and data, they would have to take the time to decrypt each field.

Even if they copy my data, the key for each field is necessary and does not depend on whether or not I have the master key. One thing is the master key to access the application, and therefore read and write data securely. It's another completely different thing to have access to metadata. To access other metadata I can have a password for each field (this could be done with OTP (one-time password); if you don't have the device and the master password, it becomes irrelevant to clone your cell phone remotely or in person).

Does what I said here make sense?

