
As long as the key file is sufficiently long and difficult to guess, anything goes. The contents of the key file will be hashed anyway before being used together with your password. That is, if it is a 4 MB JPEG file it will still be hashed down to a small number of bytes (in comparison to the 4 MB file).

KeePassXC can generate a key file for you and it will be a sequence of 128 random bytes. The purpose of the key file is simply to "automatically" tack on some extra characters to your password. The reason for doing so is that it will address various scenarios where a password alone or a key file alone would fall short. Here are two such scenarios:

Scenario 1 (only password, no key file)

Suppose you store your KeePassXC database in Dropbox and a rogue Dropbox employee has managed to get hold of your password (or been lucky guessing it right). This perpetrator could simply unlock your database with the password. Had you instead also used a key file (that has never been uploaded to Dropbox), the rogue Dropbox employee would be sitting with only "half" your password, hence cannot unlock your database. Another classic scenario is where a key logger has been used to obtain your password. With a key file, only "half" your password has been picked up by the key logger.

Scenario 2 (no password, only key file)

A thief breaks into your home, opens your computer and unlocks your KeePassXC database with your key file. Here a password would have stopped the thief.

Using a key file and password would address both scenarios above. Whether the key file should be "hidden" is only a matter of obfuscation. Once the thief in Scenario 2 is in your house, he or she could simply try all the files on your computer (and perhaps use some computer forensic trickery to speed up the search).
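The two-factor idea from the answer above, as an added illustration that is not part of the original answer: a key file of any size is reduced to a fixed-size digest, and the unlock key is derived from both factors, so a copy of the database plus only the password (Scenario 1) or only the key file (Scenario 2) does not reproduce it. The construction is modelled on the KeePass composite key (SHA-256 over SHA-256(password) followed by the key-file digest) but is a simplification, not KeePassXC's own code, which also handles hex and XML key files and then runs a key-derivation function; the password and the 4 MB JPEG stand-in are constructed samples.

```python
import hashlib
import os
from typing import Optional


def keyfile_component(data: bytes) -> bytes:
    """Reduce arbitrary key-file contents to a fixed 32-byte digest.

    A 4 MB JPEG and a 128-byte random file both come out at 32 bytes,
    which is why the answer says the file's size is not what matters.
    """
    return hashlib.sha256(data).digest()


def composite_key(password: Optional[str], keyfile: Optional[bytes]) -> bytes:
    """Combine whichever factors are present (simplified KeePass-style)."""
    parts = b""
    if password is not None:
        parts += hashlib.sha256(password.encode("utf-8")).digest()
    if keyfile is not None:
        parts += keyfile_component(keyfile)
    if not parts:
        raise ValueError("at least one factor is required")
    return hashlib.sha256(parts).digest()


def generate_keyfile() -> bytes:
    """Mimic KeePassXC's generated key file: 128 random bytes."""
    return os.urandom(128)


def demo() -> dict:
    password = "correct horse battery staple"  # constructed sample password
    keyfile = generate_keyfile()
    # Constructed stand-in for a 4 MB JPEG: SOI marker followed by padding.
    jpeg_like = b"\xff\xd8" + b"\x00" * (4 * 1024 * 1024 - 2)
    full = composite_key(password, keyfile)
    return {
        "jpeg_digest_len": len(keyfile_component(jpeg_like)),
        # Scenario 1: rogue employee has the password but not the key file.
        "password_only_matches": composite_key(password, None) == full,
        # Scenario 2: thief has the key file but not the password.
        "keyfile_only_matches": composite_key(None, keyfile) == full,
        # The legitimate owner with both factors reproduces the same key.
        "both_factors_match": composite_key(password, keyfile) == full,
    }
```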
