So probably pretty safe, however I still agree, change every password today. Even if the hacker were lucky and hit it in the first 1%, it's still around 2000 years. So at 150k hashes/second it would nearly 250,000 years to run through every available password. Not bad, but that actually is quite a bit under where you want to be for a "Master" password (where you want Entropy over 100 bits).
Not knowing the specifics of the password, but lets assume a typical upper/lower case, numbers and some characters, that gives you an entropy of around 60.
Which is actually pretty good, some of the oldest encryption methods can be cracked at the rate of 10-30-50 Billion hashes per second. Looking at the benchmarks, it looks like an 8xGPU setup with KeePass2 will run around 150k hashes a second. So for S and G's, let's take a look at a 10 digit passwords using Keepass2 encryption with an 8xGPU rig using HashCat. If you want to drive that likelihood/accessibility factor to near zero, change the passwords for all of the sensitive credentials you manage with KeePass, and sleep like a baby. Is the data that might be put at risk with the compromise of those things in your KeePass db valuable enough to warrant the Amazon compute time it would take to crack your password? Probably not, so the likelihood factor in the risk equation goes way down, because that's the only way the actors are going to get in without out having that master key. Other than going off the grid, I cannot think of anything else to do.Īs others have noted, KeePass's encryption is not the weak spot, key management is. My laptop, which is the only other device with OneDrive on it, is encrypted in the SSD and using Windows 10 encryption for the folder with the KeePass file in it, I have MFA on Office 365 to prevent remote access to my OneDrive folders. If anyone gets past my armored front door and alarm system and gets it all, I still can manually change all critical passwords and negate them if one were to break the layers of encryption. Kingston DataTraveler Vault Privacy 3.0 hardware-encrypted USB drive that never leaves the house, and is only plugged in when needed. My WatchGuard password KeePass file is separate, and my banking KeePass file my wife uses is on her own I also have a less-critical-password file on my desktop in my OneDrive folder, which has vendor account logins and the like. If it gets stolen or lost, the finder has 10 tries to get into it, at which point it wipes the drive. I have a Kingston DataTraveler Vault Privacy 3.0 hardware-encrypted USB drive (256-bit AES hardware-based encryption in XTS mode) with my QuickBooks backup and my KeePass critical database file on it.
0 kommentar(er)
