Beef up your security with a key file
KeePass is one of my favorite pieces of free software. It's free, open source, and very
secure. My hat is off to Dominik Reichl.
There are three ways to log into the KeePass application. In technical terms, this
is called unlocking the password database.
- Use a master password.
- Use a key-file.
- Use a master password and a key-file.
A key-file can be used as add-on protection for your KeePass database.
To open KeePass, you normally only need a master password. This leaves you quite
vulnerable if you take KeePass with you and use it in a non-trusted environment
such as an Internet cafe. You never know if those computers have keyloggers or
other types of spyware programs running in the dark. No matter how complex your
master password is, you expose yourself to the possibility of losing your master
password and KeePass database file.
This is where the key-file comes into play. If someone steals your master password
and password database, the database is still secure because the attacker also
needs to steal your key-file to be able to unlock KeePass.
You normally store your key-file somewhere on your PC, or on a removable disk such as
a thumb drive. A key-file can be any existing file, or KeePass can create one for
you.
My master password is a random string of characters that contains upper and lower case alphanumeric
characters as well as other keyboard characters. I save this password in a text file and mix it with other
randomly generated text. I also memorize it.
Never lose your master password and your key-file
I want to repeat this and I will repeat it whenever I can. There is no backdoor
to KeePass that can be exploited to recover your master password and key-file.
Security may backfire and cause you more trouble.
How to create key-files and key-disks for KeePass
KeePass allows you to lock your password database by using a master password
and/or a key-file. When you create a new password database, KeePass optionally
asks you to select a password disk drive (i.e. a key-disk). Therefore, it is
important to understand the differences between a key-file and a key-disk as
well as how to create them.
The words key, keyfile, and key-file are used interchangeably.
Key-disk
A KeePass password database can be locked using a key-disk. A 'key-disk' is just a
normal disk which holds a key-file with password bytes. Note that KeePass can
generate a key-disk for you.
Key-file
A key-file is a file stored on a key-disk. If you let KeePass generate the key-file
for you, the default file name is pwsafe.key, which is placed on the disk you
specify when setting the master password and/or key-disk drive. You can also
create a key-file manually or select any of your existing files as the key-file.
Even an image file can be used as your key-file.
Note: When you just select a disk drive, KeePass assumes that it should load the
'pwsafe.key' file in the root directory of the disk.
If you want, you can also select the key-file (which is stored on the key-disk)
manually. One disk can store multiple keys for multiple databases. In this case,
you have to tell KeePass which file it should use.
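The following added example (not part of the original article and not KeePass's own code) models why a stolen master password is not enough without the key-file, and why an existing file such as an image only works as a key-file while every copy stays byte-for-byte identical. The hash-and-concatenate construction in `composite_key` is an assumed, simplified model; the function names, password and file contents are constructed for illustration.

```python
import hashlib
import os
import tempfile

def keyfile_digest(path):
    """SHA-256 over the key-file's raw bytes; the file type is irrelevant."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.digest()

def composite_key(password=None, keyfile=None):
    """Assumed model: hash each factor supplied, then hash the concatenation."""
    parts = []
    if password is not None:
        parts.append(hashlib.sha256(password.encode("utf-8")).digest())
    if keyfile is not None:
        parts.append(keyfile_digest(keyfile))
    if not parts:
        raise ValueError("supply a password, a key-file, or both")
    return hashlib.sha256(b"".join(parts)).digest()

def backup_matches(original, backup):
    """A backup key-file is only usable if it is byte-for-byte identical."""
    return keyfile_digest(original) == keyfile_digest(backup)

def demo():
    password = "constructed-master-password"      # constructed sample value
    image = b"GIF89a" + bytes(range(64))          # constructed stand-in for square.gif
    with tempfile.TemporaryDirectory() as d:
        key = os.path.join(d, "square.gif")
        bak = os.path.join(d, "square-backup.gif")
        for path in (key, bak):
            with open(path, "wb") as f:
                f.write(image)
        real = composite_key(password, key)
        ok_before = backup_matches(key, bak)
        with open(bak, "r+b") as f:               # simulate an edit or re-save
            f.seek(10)
            f.write(b"\xff")
        return {
            "password_alone_unlocks": composite_key(password) == real,
            "backup_ok_before_edit": ok_before,
            "backup_ok_after_edit": backup_matches(key, bak),
            "edited_copy_unlocks": composite_key(password, bak) == real,
        }

if __name__ == "__main__":
    print(demo())
```

Running `backup_matches` against each backup copy of a key-file after making it confirms the copy will still unlock the database.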
Two ways to create a key-file
You can either create your own key-file or let KeePass create the key-disk and thus the key-file.
Create your own key-file
You can use any existing file as your key-file. No matter what file type it is,
KeePass will use it. Follow these steps to create your own key-file.
- On the File menu, click New Database.
- The window 'Create a new password database - Enter master key' should now
open. In this exercise, we will use both a master password and an existing
file as the key-file to protect access to the password database.
Enter a password into the password field and select the checkbox 'and'. Then
click the link 'Save key-file manually...'.
- Select an existing file as your key-file.
For this demo, we selected square.gif on a USB flash drive as the key-file.
Click Save and you should see that the disk drive has changed to
G:\square.gif. Click OK to confirm your selection.
- You are now prompted "A key-file already exists on this drive. Do you
want to overwrite or reuse it?". You should click No (if you click Yes,
KeePass will help you create the key-file). The KeePass main program window
now opens and you can enter new password entries.
Let KeePass create the key-disk and thus the key-file
You can also have KeePass create the key-disk for you. This way, KeePass will
create a file pwsafe.key on the disk you specify.
- Select the key-disk drive.
In this example, we selected USB drive G: as the key-disk to store
the key-file. Click OK to continue.
- Repeat the password.
Because in this exercise we have used both a master password and a key-file
for the password database, you will be asked to repeat the password you
entered in the previous step.
- Get random data for key generation.
Here KeePass needs your input to generate the key-file. Follow the instructions
in the window to get the random data. When done, click OK.
After you click OK, KeePass opens its main program window. In the
background, KeePass should have automatically created a key-file pwsafe.key
on the USB drive - G:\pwsafe.key.
The advantage of using a key-disk is that KeePass can automatically search for
the file pwsafe.key on your key-disk the next time you open this password
database, because KeePass can remember which password database you used last
time. There is no need to specify the actual file name of the key-file.
The key-disk can also contain key-files of other password databases. To open
these other databases, you have to specify the actual key-file name by using
the link 'Select key-file manually...'.
On the next page, we'll see how to back up your KeePass database.
Copyright© GeeksEngine.com