I apologize in advance if this is the wrong community for this post. If so, please point me in the right direction of where I should post this.


I’m thinking of trying out KeePassXC, and, when creating a new database, I came across the following settings:

Some of this is somewhat self explanatory to me (“Encryption Algorithm”, and “Key Derivation Function”), but some of it not so much – namely, “Transform Rounds” (I’m assuming that “Memory Usage”, and “Parallelism” are more specific, not to the database on the whole, but, instead, to the decryption itself within the app, or, maybe, even just for the benchmark). What exactly is “Transform Rounds”? Does it mean that the passwords are encrypted over, and over again, in attempt to protect against dictionary attacks? I haven’t been able to find any concrete information.

  • WalterLatrans@yiffit.net
    link
    fedilink
    arrow-up
    1
    ·
    1 year ago

    I don’t know anything specifically about KeePassXC but it’s my understanding that a transform round is some computationally expensive task that can be preformed as many times as desired, but must be preformed the same number of times to decrypt as well. The point being to slow down any attempts at brute forcing access to you database if someone gets a hold of your encrypted DB file. For example say it takes one second to derive the proper DB access key from the password you entered to unlock the app, that doesn’t really matter to you logging in as almost no one is going to notice a one second delay in logging in. But if some one else gets a hold of your encrypted password DB then they have to wait one second for every password they try, making brute forcing the DB file practically impossible given you’ve chosen an adequate password.

    Ideally you’d choose something which gives a delay not too inconvenient for you when logging in, but enough to thwart the person who might try and brute force the password even if they’re using more powerful hardware.