Jonathan White

For one that is weird behavior of the application to do what you suggested. I definitely wouldn't implement a scheme to create and open a bunch of random files in...

Most interesting, I didn't know that line of code was in there. Good catch! And of course I wrote that code 3 years ago lol. It was to address this...

A bug should be filed with KeePass for allowing such a configuration to even happen in the first place. That is an obvious security issue that a hapless user could...

I was going to say the lower limit should be 256-bits. That is the key size for the overall AES algorithm and we hash the contents of the file using...

I am not arguing that point, we should support (and then warn the user of the problem) 0-byte key files. I am also saying this should NOT be possible if...

A short password is one thing (which we now warn you about in upcoming release), however, an empty keyfile is an outright vulnerability. An empty file produces the same easily...

They have the same security, or should I really say the same entropy.

You are conflating the process of brute force guessing with the randomness (entropy) of the database key. If an attacker is truly coming at this with zero knowledge, the password...

It is possible that thunderbird is hiding this window/dialog from us. It also looks like the window is not in focus. Be sure to click the title bar of the...

Honestly, you may have to open a bug report with Thunderbird/Mozilla.