by bscphil
2270 days ago
Not an expert, but I think I'm decently knowledgeable. The design as outlined in the security section of the readme looks just fine to me, assuming the key is securely derived from the password. I would hope for more emphasis on the importance of choosing a secure master password. Ideally you should be able to treat its hash (which is prepended to the database) as public knowledge, even if in practice you'll keep the database as private as you can. That said, barring an audit by a respectable security firm, I think a lot of eyeballs on an open source project who can confirm that the implementation is correct is the most important thing. For that reason, I don't plan to switch away from Keypass in the near future.
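As an added illustration of the two properties the comment above asks for (the key is derived slowly from the master password, and the value stored in the database header can be treated as public without exposing the encryption key), here is example code written for this page; it is not code from the project under discussion. The PBKDF2 work factor, the two HMAC domain labels and the header layout are assumptions chosen for the example.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

# Constructed parameters for the example (assumptions, not the project's values).
PBKDF2_ITERATIONS = 600_000   # work factor for PBKDF2-HMAC-SHA256
SALT_LEN = 16                 # random per-database salt, stored in the header
KEY_LEN = 32                  # 256-bit keys


def derive_master_key(password: str, salt: bytes, iterations: int = PBKDF2_ITERATIONS) -> bytes:
    """Slow, salted derivation of a master key from the master password.

    The iteration count is what makes an offline guess against a leaked
    header expensive; it is stored in the header so it can be raised later.
    """
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen=KEY_LEN)


def split_keys(master_key: bytes) -> Tuple[bytes, bytes]:
    """Derive two independent subkeys from the master key with domain-separated labels.

    Because HMAC-SHA256 behaves as a PRF, knowing the verifier (stored in the
    clear) gives no shortcut to the encryption key; an attacker still has to
    guess the password and pay the PBKDF2 cost per guess.
    """
    enc_key = hmac.new(master_key, b"db-encryption-key", hashlib.sha256).digest()
    verifier = hmac.new(master_key, b"password-verifier", hashlib.sha256).digest()
    return enc_key, verifier


def make_header(password: str, salt: Optional[bytes] = None,
                iterations: int = PBKDF2_ITERATIONS) -> Dict[str, object]:
    """Build the public header prepended to the database: salt, work factor, verifier."""
    salt = os.urandom(SALT_LEN) if salt is None else salt
    master = derive_master_key(password, salt, iterations)
    _, verifier = split_keys(master)
    return {"salt": salt, "iterations": iterations, "verifier": verifier}


def unlock(password: str, header: Dict[str, object]) -> Optional[bytes]:
    """Re-derive keys from the header and the supplied password.

    Returns the encryption key on success, None on a wrong password. The
    comparison is constant-time so the check itself leaks nothing.
    """
    master = derive_master_key(password, header["salt"], header["iterations"])
    enc_key, verifier = split_keys(master)
    if not hmac.compare_digest(verifier, header["verifier"]):
        return None
    return enc_key


if __name__ == "__main__":
    hdr = make_header("correct horse battery staple")
    print("header is safe to store in the clear:", hdr["verifier"].hex())
    print("correct password unlocks:", unlock("correct horse battery staple", hdr) is not None)
    print("wrong password unlocks:", unlock("wrong password", hdr) is not None)
```

The design choice worth noting is that the verifier is never the encryption key itself nor a plain hash of the password: both are derived from the master key under different labels, so publishing the verifier costs the attacker a full PBKDF2 run per guess and nothing more, which is exactly the property that lets the header be treated as public.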