after X failed attempt, (a) Delete Database file (b) delay another try after x mins

keepassxreboot / keepassxc

KeePassXC is a cross-platform community-driven port of the Windows application “Keepass Password Safe”.

https://keepassxc.org/

Other

21.39k stars 1.48k forks source link

after X failed attempt, (a) Delete Database file (b) delay another try after x mins #11436

Closed ck0099 closed 2 weeks ago

ck0099 commented 2 weeks ago

Summary

Just incase your macbook get stolen, you will feel safe the hacker will never break the database? Potential Protection Mechanism - after X failed attempt of password: (a) Delete Database file or (b) delay another try after x mins, and consecutively make the delay longer.

Examples

KeePassXC installed on macbook.
Key file is also stored on macbook.
Hacker use bruteforce app (can be simply created with python) to hack the password.

Context

ck0099 commented 2 weeks ago

Dear Sir, I thought this is a very good security features that, just incase macbook got stolen, you don't need to worry that the database gets bruteforce hack?

michaelk83 commented 2 weeks ago

It's trivial to circumvent by just copying the database file before trying to unlock. The protection against bruteforce is to use a strong passphrase.