There's the rub in some usage scenarios I think. To the extent you keep opening of the Truecrypt container to a minimum of course. If you not only put the KeePass database file in there but also a portable version of KeePass, you also obscure the fact that you use KeePass. Maybe this concern might be trivial for many of us, but I am not a security expert.beside the fact that maybe it's a bit paranoid concern and this does not surprise myself.Ĭlick to expand.I kind of like that approach in general because it creates an additional fence around the password information and puts the password database file inside a larger file or non-file which might not be so easy to upload. Or having a different psw for the two "files" would be more secure? ![]() I think, but here I am glad to listen to your comments, that if an attacker can break keepass and get its master password, the TC container will be accessible anyway (or using the same psw or finding its psw in the keepass database). Should I change my TC master psw to a more secure one and store it in keepass or should I keep things as they are? I also have a TC container, with the same master psw of keepass. Its master psw is a 21 digits passphrase, meaning about 110bits, according to keepass psw engine. ![]() ![]() Just to give you a clearer picture: I use keepass for storing all passwords. While on the plain today, heading to Spain, I was thinking about what is best for security when using Keepass and Truecrypt, as I actually do on my pc.
0 Comments
Leave a Reply. |