A preview of KeePass 2.35 and its security improvements - gHacks Tech News


KeePass 2.35 is the next version of the popular password manager that will introduce a new version of the KDBX file format and security improvements among other things.

KDBX is the file format that KeePass uses for information storage on the device. Version 4 of KDBX features improvements and new capabilities.

KeePass will use the new format eventually, but at first only if certain requirements are met. This is done to give ports of KeePass time to update their versions of the software to support the new format.

In practice, KeePass 2.35 switches to the new format only if at least one of the following conditions is true:

  1. KeePass uses a different key derivation function than AES-KDF (the default and only used in KDBX 3.1).
  2. Plugins request to store custom header data in the KDBX file.
  3. Plugins request to store custom data in an entry or a group.

As soon as one of these conditions is met, KeePass 2.35 uses the new file format automatically; otherwise it keeps writing KDBX 3.1 for now.

KeePass 2.35 and its security improvements


Probably the biggest change from a security point of view is support for the key derivation function Argon2.

The algorithm won the Password Hashing Competition against 23 candidates. Starting with KeePass 2.35, users of the software can switch the key derivation function from AES-KDF to Argon2:

  1. Open KeePass 2.35 or later.
  2. Select File > Database Settings.
  3. Switch to the Security tab.
  4. Locate "Key derivation function" on the screen and use its drop-down menu to switch from AES-KDF to Argon2 (or back again).


Once you have selected Argon2 as the key derivation function, additional parameters become available. You may change the number of iterations, memory, and parallelism.

You may increase iterations and memory to make dictionary and brute force attacks harder, but database loading and saving may take more time.

Use the "Test" button to benchmark the values you enter: KeePass runs the key transformation with those parameters and shows the time it took in a small window afterwards.


Some example timings from a device with an Intel Core i7-6700K CPU and 32 gigabytes of RAM:

  • Iterations 2, Memory 1, Parallelism 2: 0.003 seconds
  • Iterations 2, Memory 250, Parallelism 2: 2.97 seconds
  • Iterations 10, Memory 2000, Parallelism 2: 25.257 seconds
  • Iterations 10, Memory 2000, Parallelism 4: 15.601 seconds

The main advantage of Argon2 over AES-KDF is that it provides better resistance against GPU/ASIC cracking attacks.

KeePass' Argon2 implementation supports all parameters that are defined in the official specification, but only the number of iterations, the memory size and the degree of parallelism can be configured by the user in the database settings dialog. For the other parameters, KeePass chooses reasonable defaults: a 256-bit salt is generated by a CSPRNG each time a database is saved, the tag length is 256 bits, and no secret key or associated data are used. All versions of Argon2d (1.0 to 1.3) are supported; KeePass uses the latest version, 1.3, by default.

Other KeePass KDBX 4.x changes

Besides support for Argon2, KDBX 4.x will introduce a number of improvements and changes that are outlined briefly below:

  • Improved header authentication -- KDBX 4 uses HMAC-SHA-256 instead of SHA-256 for header authentication. This offers various advantages, one being that KeePass may verify the header before decrypting the remaining data.
  • Improved data authentication -- Similarly, KDBX 4 uses HMAC-SHA-256 instead of SHA-256 for data block authentication which is considered to be more secure and allows KeePass to verify the authenticity of a data block before trying to decrypt it.
  • Plugins may extend the KDBX 4 header, may add other key derivation functions to KeePass 2.35 and later, and may store custom data in entries and groups.
  • The ChaCha20 encryption algorithm is supported with 256-bit key and 96-bit nonce.
  • Inner Header improvements that reduce the database size and improve loading and saving performance.
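The verify-before-decrypt layout described in the first two points above, as an added example that is not KeePass's own code: a small Python model of a KDBX 4 style stream (header, HMAC-SHA-256 of the header, then HMAC-protected blocks), written so that every tag is checked before any block would be handed to a cipher. The keying (per-block key = SHA-512(index || base key), header index 0xFFFFFFFFFFFFFFFF) is assumed from the published KDBX 4 layout, the base key and ciphertext blocks are constructed test values, and no real KDBX file is parsed.

```python
import hashlib
import hmac
import struct

# Constructed base key: a real file derives it from the master seed and the KDF output.
BASE_KEY = hashlib.sha512(b"constructed master seed" + b"constructed transformed key" + b"\x01").digest()
HEADER_INDEX = 0xFFFFFFFFFFFFFFFF  # reserved index for the header (assumption modelled on KDBX 4)

def block_key(base_key: bytes, index: int) -> bytes:
    """Per-block HMAC key: SHA-512(block index as little-endian uint64 || base key)."""
    return hashlib.sha512(struct.pack("<Q", index) + base_key).digest()

def mac(base_key: bytes, index: int, data: bytes) -> bytes:
    """HMAC-SHA-256 over index || length || data, so reordered, truncated or edited blocks all fail."""
    msg = struct.pack("<Q", index) + struct.pack("<I", len(data)) + data
    return hmac.new(block_key(base_key, index), msg, hashlib.sha256).digest()

def write_stream(base_key: bytes, header: bytes, blocks: list) -> bytes:
    """header || HMAC(header) || [HMAC || size || ciphertext]... || terminator block of size 0."""
    out = header + hmac.new(block_key(base_key, HEADER_INDEX), header, hashlib.sha256).digest()
    for i, data in enumerate(list(blocks) + [b""]):
        out += mac(base_key, i, data) + struct.pack("<I", len(data)) + data
    return out

def read_stream(base_key: bytes, buf: bytes, header_len: int):
    """Return (header, ciphertext blocks) or raise ValueError at the first bad tag, before decryption."""
    header = buf[:header_len]
    expected = hmac.new(block_key(base_key, HEADER_INDEX), header, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, buf[header_len:header_len + 32]):
        raise ValueError("header HMAC mismatch")
    pos, index, blocks = header_len + 32, 0, []
    while True:
        tag = buf[pos:pos + 32]
        size = struct.unpack("<I", buf[pos + 32:pos + 36])[0]
        data = buf[pos + 36:pos + 36 + size]
        if not hmac.compare_digest(mac(base_key, index, data), tag):
            raise ValueError(f"block {index} HMAC mismatch")
        if size == 0:  # terminator reached: every block was authenticated
            return header, blocks
        blocks.append(data)
        pos, index = pos + 36 + size, index + 1

def rejects_tamper(buf: bytes, header_len: int, offset: int) -> bool:
    """Flip one byte at offset and report whether verification rejects the stream."""
    bad = bytearray(buf); bad[offset] ^= 0x01
    try:
        read_stream(BASE_KEY, bytes(bad), header_len)
    except ValueError:
        return True
    return False
```

Because the header tag is checked first, a file with a corrupted or substituted header is rejected without touching the payload, which is the advantage the article attributes to the KDBX 4 scheme.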

Additional information on the new format is available on the KeePass website. It is not clear yet when KeePass 2.35 will be released.

Now You: What's your take on the improvements?



    1. Dan said on October 4, 2016 at 8:28 am

      The question is, why? Was there any reason to abandon the AES-KDF? I’ve read the KeePass manual since it was only in the 1.xx version, and I’ve come away impressed with the author’s homebrewed key derivation function. Sure it may not be in the same league as bcrypt or scrypt, but it can be as secure as the PBKDF2 standard.

      Argon2 seems to be aimed at preventing parallelized attacks especially using GPUs. It does look impressive. But I think it may be overkill.

      My main beef with this looming update is breaking backward compatibility. The current KDBX standard is good enough, unless there are undisclosed exploits that the author knows about. I hope that we are not forced to upgrade our KDBX databases while using the newest version of KeePass 2. Just like Veracrypt with its “Truecrypt Mode”.

      1. Ben said on October 4, 2016 at 10:14 am

        > homebrewed key derivation function
        This is the moment when you should stop trusting a piece of software.

      2. raiden said on October 4, 2016 at 10:49 am

        It doesn’t break backward compatibility, it’s just another option to use if you want.

        1. John said on May 5, 2017 at 2:00 am

          It’s an option right now. The KeePass web site says that will change once “all major ports” are updated to work with the v4 DB format. I use iKeePass on my iPhone and I doubt it’s considered a major port. I’m hoping iKeePass will be updated soon but there’s no way to know.

    2. ivanionello said on October 4, 2016 at 7:52 pm

      Only KeePassX, only C++, only Qt.

    3. anonymous said on October 4, 2016 at 9:05 pm

      I wish they would implement a “plausible deniability” feature, where entering one password opens one DB, and another opens another… kind of like a Truecrypt volume hidden within another.

      1. Anonymous said on November 4, 2016 at 3:49 am

        I agree, in this day and age where you can be “compelled” to give your master password, this feature would be beneficial.

        1. anon said on April 15, 2017 at 11:35 am

          I agree too, this would be very useful!

    4. CHEF-KOCH said on October 5, 2016 at 10:36 am

      I still trust this software, because alternatives are also not ‘better’ and it’s still not bad that it constantly gets new updates and fixes much faster compared to KeePassX (last update feb/march 2016). Which is imho a good signal, homebrew does not mean it’s automatically bad, maybe it’s improved. Of course it’s an alarm signal to take a closer look into it.

      I guess the replacement was done because of better solutions (https://en.wikipedia.org/wiki/HKDF) and not due to security itself, most of such attacks anyway need physical access. So calm down ladies and gentlemen and don’t spread something without any facts. It’s simply counterproductive to say ‘oh maybe there is something’ .. there is always something in each product.

      Let’s wait for the audit and the new build. I still believe it’s a good product.
