So if the pixel 6 was the device with the lowest core count, you would set it to 12 (I think, the pixel had 6 cores, right?) You should set this to the lowest core count of all your devices times 2. Primarily this defends against cracking attempts, in which someone would use a dedicated machine with a relatively small core count. This number represents the amount of threads, a single Argon2 iteration would take. Parallelism: That is what you should start with, when you tweak the settings, since it is fairly easy to configure.
However, lets go over the settings, what to set them to and why. The goal is to set all settings as high as possible without making it impossible to open the vault (in a reasonable time, e.g. I once came across a good website, which documented a way to configure these settings reasonably well. You should generally set these settings according to the hardware you have, on which you want to open your vault of course. Honestly, the standard settings for Argon2 of KeepassXC or other Keepass programms are bad. The really good info starts in the section labeled Protection Against Dictionary Attacks. They give an excellent answer to my questions. Please look the reply from Rl_debugger below. Is there something I am missing or that i am not understanding that makes these settings acceptable with a sufficiently long master password?ĮDIT - I have found some relevant pages answering some of the questions asked in this thread. I didn't think the Pixel 7 processor was that much of a leap over the Pixel 6. I am pretty shocked at the difference in time. A Pixel 7 takes about 7 seconds to open it.
I just can't see how my Pixel 6 would be able to handle anything even remotely close to that considering it takes upwards of 15 to 25 seconds to open file 1. Multiple podcasts have said that the number of iterations should be in the 100,100 range. I think the iterations, which KeepassXC calls transform rounds, is low. Key Derivation Function - Argon2id (KDBX4)įile 2 (mainly used in Keepass) has the follow : I have 2 kdbx files and I am worried that the security settings are not strong enough.įile 1 (mainly used in KeepassXC) has the follow :
0 kommentar(er)
