{"id":60146,"date":"2023-10-13T16:27:13","date_gmt":"2023-10-13T15:27:13","guid":{"rendered":"https:\/\/ekiwi-blog.de\/60146\/keepass-key-transformation-settings-of-the-database-are-weak\/"},"modified":"2023-10-17T16:39:43","modified_gmt":"2023-10-17T15:39:43","slug":"keepass-key-transformation-settings-of-the-database-are-weak","status":"publish","type":"post","link":"https:\/\/ekiwi-blog.de\/en\/60146\/keepass-key-transformation-settings-of-the-database-are-weak\/","title":{"rendered":"KeePass: Key transformation settings of the database are weak"},"content":{"rendered":"<p>After updating KeePass to the latest version, you may get the following message when opening the password file <em>*.kdbx<\/em>:<\/p>\n<blockquote><p>The key transformation settings of the database are weak.<br \/>\nDo you want to set them to the current default values (recommended)?<\/p><\/blockquote>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-60123\" src=\"https:\/\/ekiwi-blog.de\/wp-content\/uploads\/2023\/10\/keepass-the-key-transformation-settings-of-the-database-are-weak.jpg\" alt=\"Screenshot of the English message: Key transformation settings of the database are weak\" width=\"650\" height=\"566\" srcset=\"https:\/\/ekiwi-blog.de\/wp-content\/uploads\/2023\/10\/keepass-the-key-transformation-settings-of-the-database-are-weak.jpg 650w, https:\/\/ekiwi-blog.de\/wp-content\/uploads\/2023\/10\/keepass-the-key-transformation-settings-of-the-database-are-weak-300x261.jpg 300w\" sizes=\"auto, (max-width: 650px) 100vw, 650px\" \/><\/p>\n<h2><span class=\"ez-toc-section\" id=\"What_is_this_all_about\"><\/span>What is this all about?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Clicking on the link &#8220;<em>More information<\/em>&#8221; takes you to an\u00a0<a href=\"https:\/\/keepass.info\/help\/base\/security.html#secdictprotect\" target=\"_blank\" rel=\"noopener\">explanation on the KeePass website<\/a>.<\/p>\n<p>According to that explanation, the key 
transformation increases security, especially against brute-force and dictionary attacks. The user&#8217;s master key is transformed with a special derivation function including a random &#8220;<a href=\"https:\/\/en.wikipedia.org\/wiki\/Salt_(cryptography)\" target=\"_blank\" rel=\"noopener\">Salt<\/a>&#8221;. This makes it much harder to crack the password through dictionary attacks and greatly increases the computational effort required.<\/p>\n<p>Because the computational overhead increases as a result, the password database may open more slowly on devices with less computing power, such as low-end smartphones.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"How_to_deal_with_this\"><\/span>How to deal with this?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>So those whose databases have so far been running without this &#8220;salt-derivation&#8221; function are advised to enable it.<\/p>\n<p>I simply clicked on the <em>&#8220;Yes&#8221;<\/em> button. After that, nothing else happens. You simply save your password file and can continue to work with it as before. This satisfies the recommendation, and these internal adjustments arguably make the password database a bit more secure.<\/p>\n<p>Under <strong><em>File =&gt; Database Settings...<\/em><\/strong> in the &#8220;<strong>Security<\/strong>&#8221; tab, you can configure the settings yourself. 
If you compare a password database where you dismissed the message &#8220;<em>Key transformation settings of the database are weak<\/em>&#8221; with one where you confirmed it, you will see that the former has only 6,000 iterations, while the latter has 600,000 iterations.<\/p>\n<figure id=\"attachment_60139\" aria-describedby=\"caption-attachment-60139\" style=\"width: 488px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-60139\" src=\"https:\/\/ekiwi-blog.de\/wp-content\/uploads\/2023\/10\/keepass-database-setting-security-1.jpg\" alt=\"Screenshot of KeePass database settings with 6,000 iterations\" width=\"488\" height=\"487\" srcset=\"https:\/\/ekiwi-blog.de\/wp-content\/uploads\/2023\/10\/keepass-database-setting-security-1.jpg 488w, https:\/\/ekiwi-blog.de\/wp-content\/uploads\/2023\/10\/keepass-database-setting-security-1-300x300.jpg 300w, https:\/\/ekiwi-blog.de\/wp-content\/uploads\/2023\/10\/keepass-database-setting-security-1-150x150.jpg 150w\" sizes=\"auto, (max-width: 488px) 100vw, 488px\" \/><figcaption id=\"caption-attachment-60139\" class=\"wp-caption-text\">6,000 iterations<\/figcaption><\/figure>\n<figure id=\"attachment_60143\" aria-describedby=\"caption-attachment-60143\" style=\"width: 488px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-60143\" src=\"https:\/\/ekiwi-blog.de\/wp-content\/uploads\/2023\/10\/keepass-database-setting-security-2.jpg\" alt=\"Screenshot of KeePass database settings with 600,000 iteration steps\" width=\"488\" height=\"487\" srcset=\"https:\/\/ekiwi-blog.de\/wp-content\/uploads\/2023\/10\/keepass-database-setting-security-2.jpg 488w, https:\/\/ekiwi-blog.de\/wp-content\/uploads\/2023\/10\/keepass-database-setting-security-2-300x300.jpg 300w, https:\/\/ekiwi-blog.de\/wp-content\/uploads\/2023\/10\/keepass-database-setting-security-2-150x150.jpg 150w\" sizes=\"auto, (max-width: 488px) 
100vw, 488px\" \/><figcaption id=\"caption-attachment-60143\" class=\"wp-caption-text\">600,000 iteration steps<\/figcaption><\/figure>\n<p>The more iterations, the more secure, but also the more computationally expensive. Therefore, you have to weigh up what is a good balance between security and the computing power of the devices on which the password file is to be opened.<\/p>","protected":false},"excerpt":{"rendered":"<p>After updating KeePass to the latest version it happens that when opening the password file *kdbx you get the following<\/p>\n","protected":false},"author":2,"featured_media":13584,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1554,1555],"tags":[3347,1602],"class_list":["post-60146","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-en","category-software-en","tag-password","tag-security-en"],"_links":{"self":[{"href":"https:\/\/ekiwi-blog.de\/en\/wp-json\/wp\/v2\/posts\/60146","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ekiwi-blog.de\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ekiwi-blog.de\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ekiwi-blog.de\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/ekiwi-blog.de\/en\/wp-json\/wp\/v2\/comments?post=60146"}],"version-history":[{"count":0,"href":"https:\/\/ekiwi-blog.de\/en\/wp-json\/wp\/v2\/posts\/60146\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ekiwi-blog.de\/en\/wp-json\/wp\/v2\/media\/13584"}],"wp:attachment":[{"href":"https:\/\/ekiwi-blog.de\/en\/wp-json\/wp\/v2\/media?parent=60146"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ekiwi-blog.de\/en\/wp-json\/wp\/v2\/categories?post=60146"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ekiwi-blog.de\/en\/wp-json\/wp\/v2\/tags?post=60146"}],"
curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}