Password Manager KeePass 2.55 warns users about weak security settings
A new version of the password manager KeePass is now available. KeePass 2.55 is a smaller release that improves security, imports and introduces some new features to the application.
The new version is already available for download. Users still have the choice between an installer and a portable version. The installer may update any existing installation to the latest version.
Selecting Help > About KeePass in the interface displays the current version, and Help > Check for Updates runs a manual update check. KeePass does not update itself automatically though.
KeePass 2.55
KeePass users who create new encrypted password databases using AES-KDF, one of the supported key derivation functions, benefit from an increased default number of key transformation iterations; this improves protection against brute force and guessing attacks. The new number of iterations is 600000.
Existing users may get a notification when they open one of their databases. This happens if the database's configured number of iterations is smaller than the new default value. A click on "yes" upgrades the iterations immediately.
The new setting can be turned off under Tools > Options > Security > Show warning when the key transformation settings are weak.
Selecting File > Database Settings > Security in KeePass displays the encryption algorithm and key derivation function currently in use, along with an option to change the number of iterations or migrate to another algorithm entirely. We recommended raising the number of iterations for AES-KDF back in February, or switching to Argon2 instead.
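To make the iteration-count discussion concrete, here is an added example in Go that is not KeePass's own code. It reproduces the AES-KDF key transformation as documented for the KDBX format (the 32-byte composite key is AES-256-ECB encrypted, both 16-byte halves, with the 32-byte transform seed as the AES key, repeated for the configured number of rounds, then hashed with SHA-256), implements the 2.55-style check that compares a database's configured rounds against the new default, and estimates how many rounds the local machine can perform per second, which is what makes a low round count cheap to attack. The composite key, seed and the configured value of 100000 rounds are constructed for the demonstration; the 600000 default is the value the article gives.

```go
package main

import (
	"crypto/aes"
	"crypto/sha256"
	"fmt"
	"time"
)

// DefaultAesKdfRounds is the new default introduced in KeePass 2.55 (from the article).
const DefaultAesKdfRounds uint64 = 600000

// AesKdfTransform performs the KeePass AES-KDF key transformation:
// AES-256-ECB encrypts both 16-byte halves of the composite key, using the
// transform seed as the AES key, `rounds` times, then SHA-256 hashes the result.
// (Reimplementation for illustration; not the KeePass source.)
func AesKdfTransform(compositeKey, seed [32]byte, rounds uint64) ([32]byte, error) {
	block, err := aes.NewCipher(seed[:])
	if err != nil {
		return [32]byte{}, err
	}
	k := compositeKey
	for i := uint64(0); i < rounds; i++ {
		// In-place encryption: Go's cipher.Block allows dst and src to overlap entirely.
		block.Encrypt(k[:16], k[:16])
		block.Encrypt(k[16:], k[16:])
	}
	return sha256.Sum256(k[:]), nil
}

// NeedsUpgrade mirrors the 2.55 warning condition: the database's configured
// round count is below the current default.
func NeedsUpgrade(configured, def uint64) bool {
	return configured < def
}

// RoundsPerSecond times `sample` rounds on constructed all-zero inputs and
// extrapolates to one second. Higher throughput means a fixed round count
// costs an attacker less, so it is the number to size the setting against.
func RoundsPerSecond(sample uint64) (uint64, error) {
	var key, seed [32]byte // constructed inputs; only the timing matters here
	start := time.Now()
	if _, err := AesKdfTransform(key, seed, sample); err != nil {
		return 0, err
	}
	elapsed := time.Since(start).Seconds()
	if elapsed <= 0 {
		return 0, fmt.Errorf("timer resolution too coarse for %d rounds", sample)
	}
	return uint64(float64(sample) / elapsed), nil
}

func main() {
	// Constructed example database: an old file still at 100000 rounds.
	configured := uint64(100000)
	if NeedsUpgrade(configured, DefaultAesKdfRounds) {
		fmt.Printf("warning: key transformation uses %d rounds, default is now %d\n",
			configured, DefaultAesKdfRounds)
	}

	// Constructed composite key and transform seed (real ones are random per database).
	var compositeKey, seed [32]byte
	copy(compositeKey[:], []byte("constructed-composite-key-bytes!"))
	copy(seed[:], []byte("constructed-transform-seed-bytes"))
	transformed, err := AesKdfTransform(compositeKey, seed, DefaultAesKdfRounds)
	if err != nil {
		panic(err)
	}
	fmt.Printf("transformed key (%d rounds): %x\n", DefaultAesKdfRounds, transformed)

	rps, err := RoundsPerSecond(200000)
	if err != nil {
		panic(err)
	}
	fmt.Printf("this machine: ~%d AES-KDF rounds per second\n", rps)
}
```

Run it with `go run .`; the final line is the rounds-per-second figure a one-second delay setting would correspond to on that machine, and comparing it with 600000 shows how much headroom a modern CPU leaves above the new default.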
Password imports from several third-party password managers have also been improved. Google Chrome and mSecure CSV imports support new formats now, and imports from 1Password support the new password field/type as well.
KeePass makes a few usability improvements next to that. Changes made in the HTML export and print dialogs are now remembered by the application. KeePass now also highlights the option that it will use when users select "do not show this dialog again". Report dialogs may be closed with a tap on the Esc key in the new version.
A new feature is the compare entries command, which enables users of the software to compare two entries.
You can check out the full changelog here.
Verdict
KeePass 2.55 may be a lighter release, but it raises the default iteration count for one of its core key derivation functions and informs users if their database's current iteration count is smaller than the new default. A single click on "yes" updates the iteration count of the database, which improves security against brute force and guessing attacks.
There is also the nice option "1 second delay" on the security tab, which automatically computes the number of iterations taking one second. On my i5-1155G7 I'm at 17 million, which sounds much higher than 600k.
The new default still seems low. Mine was set to 1000000 and opens reasonably fast on a 13+ year old CPU.