Analysis of encryption mechanism in KeePass Password Safe 2.30

2016 10th IEEE International Conference on Anti-counterfeiting, Security, and Identification (ASID) Pub Date : 2016-09-01 DOI:10.1109/ICASID.2016.7873914

Hengwei Zhang, Jingxin Hong, Jun Hu

{"title":"Analysis of encryption mechanism in KeePass Password Safe 2.30","authors":"Hengwei Zhang, Jingxin Hong, Jun Hu","doi":"10.1109/ICASID.2016.7873914","DOIUrl":null,"url":null,"abstract":"In the Internet era, there are a lot of places that require a password, such as login forum, e-mile, MSN, etc. How to effectively remember the password? It has become a required course to people. KeePass Password Safe is designed to solve the problem that human can't remember so many passwords, which contains a strong password generation engine and encryption storage function, and provides a secure password storage space, As a result, people may manage all the password safely only need to remember an initial password, and the security of the document mainly through the software's own encryption functions to ensure. But with the new method of crack and the speed of the computer running speed, its security has been on a risk. In this paper, we analyzed the latest version of KeePass encryption/decryption mechanism, and then designed a comparison experiment with earlier version, the experiment used brute-force means to recover the password on CPU-based platform and GPU-based platform respectively. We analyzed the security of KeePass through the experiment result at last.","PeriodicalId":294777,"journal":{"name":"2016 10th IEEE International Conference on Anti-counterfeiting, Security, and Identification (ASID)","volume":"330 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 10th IEEE International Conference on Anti-counterfeiting, Security, and Identification (ASID)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICASID.2016.7873914","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 2

Abstract

In the Internet era, there are a lot of places that require a password, such as login forum, e-mile, MSN, etc. How to effectively remember the password? It has become a required course to people. KeePass Password Safe is designed to solve the problem that human can't remember so many passwords, which contains a strong password generation engine and encryption storage function, and provides a secure password storage space, As a result, people may manage all the password safely only need to remember an initial password, and the security of the document mainly through the software's own encryption functions to ensure. But with the new method of crack and the speed of the computer running speed, its security has been on a risk. In this paper, we analyzed the latest version of KeePass encryption/decryption mechanism, and then designed a comparison experiment with earlier version, the experiment used brute-force means to recover the password on CPU-based platform and GPU-based platform respectively. We analyzed the security of KeePass through the experiment result at last.

查看原文本刊更多论文

KeePass Password Safe 2.30加密机制分析

在互联网时代，有很多地方需要密码，比如登录论坛、e-mile、MSN等。如何有效记忆密码?它已经成为人们的必修课。KeePass密码保险箱是为了解决人类不能记住这么多密码的问题而设计的，它包含了强大的密码生成引擎和加密存储功能，提供了一个安全的密码存储空间，这样人们就可以安全地管理所有的密码，只需要记住一个初始密码，而文件的安全性主要通过软件本身的加密功能来保证。但是随着新的破解方法的出现和计算机运行速度的加快，其安全性受到了威胁。本文对最新版本的KeePass加解密机制进行了分析，并设计了与早期版本的对比实验，实验分别在基于cpu平台和基于gpu平台上采用暴力破解的方式进行密码恢复。最后通过实验结果对KeePass的安全性进行了分析。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2016 10th IEEE International Conference on Anti-counterfeiting, Security, and Identification (ASID)

自引率

0.00%

发文量