
Why recommend 1.x over 2.x ?

Open lucaswitvoet opened this issue 2 years ago • 4 comments

I'm interested why you recommend using 1.x and not 2.x.

Some features of 2.x seem to improve the security of the database, such as the TOTP way to log into your vault and the presence of Argon2. I could of course understand that you consider fewer features = fewer possible vulnerabilities, or that if there have been no vulnerabilities for all those years it means it should be more secure.

I was just curious about it. 🙂

lucaswitvoet avatar Aug 18 '23 14:08 lucaswitvoet

P.S.: I'm a French speaker, if you prefer to reply to me in French 😅

lucaswitvoet avatar Aug 18 '23 14:08 lucaswitvoet

Hello,

That's a good question.

Everyone will have their own opinion, but indeed KeePass 1.x has seen fewer vulnerabilities because it doesn't include certain dangerous features. On the other hand, it essentially loses Secure Desktop as a security mechanism.

As for TOTP, the problem is that this requires the activation of plugins, which are an attack vector. I prefer to use a key (file) in addition to the master password to have 2FA.

I leave this thread open for discussion.

onSec-fr avatar Aug 18 '23 16:08 onSec-fr

Hello, thank you for this very interesting script. I'd like to know if a version for KeePassXC is possible? 😊

copysolo avatar Aug 20 '23 13:08 copysolo

Hello @copysolo

There is no enforced configuration file in KeePassXC. The config file should be located in `%appdata%\KeePassXC\keepassxc.ini`, so it should be possible to create a generic configuration with the desired parameters. However, nothing will prevent the user from modifying them from the UI.

onSec-fr avatar Aug 25 '23 08:08 onSec-fr
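Since KeePassXC has no enforced configuration and the user can change `keepassxc.ini` from the UI, one defensive option is to periodically compare the file against a desired baseline and flag drift. The following is an added example written for this thread, not code from the Keepass-Enhanced-Security-Configuration project or from KeePassXC; the `[Security]` section and the key names `ClearClipboardTimeout`, `LockDatabaseIdle` and `LockDatabaseIdleSeconds` are assumptions about the ini layout and should be verified against the installed KeePassXC version, and the sample ini content is constructed.

```python
"""Drift check for a KeePassXC keepassxc.ini against a desired baseline.

Added example, not part of the original thread or the project's own code.
Section and key names in BASELINE are assumptions about the keepassxc.ini
layout; verify them against your installed KeePassXC version.
"""
import configparser
from pathlib import Path

# Desired baseline: section -> {key: expected value}. Key names are assumptions.
BASELINE = {
    "Security": {
        "ClearClipboardTimeout": "10",      # seconds before clipboard is cleared
        "LockDatabaseIdle": "true",         # lock the database when idle
        "LockDatabaseIdleSeconds": "240",   # idle time before locking
    },
}

# Constructed sample: a keepassxc.ini after a user weakened settings from the UI.
SAMPLE_INI = """\
[General]
ConfigVersion=2

[Security]
ClearClipboardTimeout=30
LockDatabaseIdle=false
"""


def load_ini(text):
    """Parse ini text, keeping key names case-sensitive as written."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.optionxform = str
    parser.read_string(text)
    return parser


def find_drift(parser, baseline=BASELINE):
    """Return (section, key, expected, actual) for each key that is missing
    or differs from the baseline; actual is None when the key is absent."""
    drift = []
    for section, keys in baseline.items():
        for key, expected in keys.items():
            actual = parser.get(section, key, fallback=None)
            if actual is None or actual.strip().lower() != expected.lower():
                drift.append((section, key, expected, actual))
    return drift


def check_file(path):
    """Convenience wrapper: load an ini file from disk and report drift."""
    return find_drift(load_ini(Path(path).read_text(encoding="utf-8")))


if __name__ == "__main__":
    # Run against the constructed sample; pass a real path to check_file()
    # (e.g. the expanded %appdata%\KeePassXC\keepassxc.ini) for a live check.
    for section, key, expected, actual in find_drift(load_ini(SAMPLE_INI)):
        print(f"[{section}] {key}: expected {expected!r}, found {actual!r}")
```

A missing key is reported as drift too, because KeePassXC falls back to its built-in default for absent keys and that default may not match the baseline; a scheduled task that runs `check_file` and alerts on a non-empty result gives the detection that the enforced-configuration mechanism would otherwise provide.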