subdavis / Tusk

🐘 🔒 KeePass-compatible browser extension for filling passwords.
https://subdavis.com/Tusk

Can we enhance security by removing the requirement that the database file end in .kdbx ? #238

Closed isaacdavenport closed 6 years ago

isaacdavenport commented 6 years ago

This issue is a feature request

Steps to reproduce - current behavior

I was hoping to add a layer of security by obfuscation and not have a .kdbx extension on my local filesystem database file, which I manually sync to my phone and which exists on my Backblaze backup.

If I rename my database.kdbx file from KeePass to have no file extension, say just the filename dbk, I can still open it in KeePass, but not in Tusk. If someone hacks into my Backblaze account, a .kdbx file will be easy to find and place attention on; a random file in a random spot, less so.

Operating System: Windows 10 Pro version 1803 build 17134.228
Browser: Chrome Version 68.0.3440.106 (Official Build) (64-bit)
Storage: Local file system

subdavis commented 6 years ago

No.

Having no kdbx file extension does not enhance your security; it is an illusion and falls squarely under the practice of "security by obscurity". This is a famous fallacy in the security world.

Either you trust the crypto or you don't -- hiding your file is pointless because of the identifying "magic number" header that every kdbx database has. If I have access to your disk, I can find your KeePass database no matter what you name it.

If you think a malicious attacker has the power to brute force your passwords, some clever file naming isn't going to stop them.

isaacdavenport commented 6 years ago

I didn't realize there was an identifying number for filetype in the header. Thanks.

subdavis commented 6 years ago

8 bytes: 0x03, 0xd9, 0xa2, 0x9a, 0x67, 0xfb, 0x4b, 0xb5

Many file formats have magic byte headers: https://en.wikipedia.org/wiki/Magic_number_(programming)#Format_indicator
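To make the point in the thread concrete, here is an added example (not part of the original issue and not Tusk's or KeePass's code) that does what an attacker with disk or backup access would do: walk a directory tree and flag every file that begins with the 8-byte KDBX signature quoted above, ignoring the file name entirely. Reading the 4-byte format version that follows the signature (minor in the low 16 bits, major in the high 16 bits, little-endian) goes beyond the thread's comment and is an assumption about the KDBX header layout. The sample tree it scans is constructed in a temp directory with fake headers; the "dbk" file and the disguised "IMG_0001.jpg" are found, while a text file named "fake.kdbx" is not.

```python
import os
import struct
import tempfile
from pathlib import Path

# The 8-byte KDBX signature from the thread: 0x9AA2D903 then 0xB54BFB67, little-endian.
KDBX_SIGNATURE = bytes([0x03, 0xD9, 0xA2, 0x9A, 0x67, 0xFB, 0x4B, 0xB5])


def kdbx_version(header: bytes):
    """Return (major, minor) if `header` starts with the KDBX signature, else None.

    Assumption (not stated in the thread): the 4 bytes after the signature hold the
    format version as a little-endian uint32, minor in the low half, major in the high.
    """
    if len(header) < 12 or header[:8] != KDBX_SIGNATURE:
        return None
    minor, major = struct.unpack("<HH", header[8:12])
    return major, minor


def find_kdbx(root):
    """Scan every regular file under `root` by content, not by extension.

    Returns a sorted list of (path, (major, minor)) for files carrying the signature.
    """
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as f:
                    head = f.read(12)
            except OSError:
                continue  # unreadable file; an attacker with disk access skips it too
            version = kdbx_version(head)
            if version is not None:
                hits.append((path, version))
    return sorted(hits)


def write_sample_tree(root):
    """Constructed sample files for the demo; none is a real database."""
    root = Path(root)
    # Extension-less file with a KDBX 4.0 header (version word 0x00040000).
    (root / "dbk").write_bytes(KDBX_SIGNATURE + struct.pack("<HH", 0, 4) + b"\x00" * 32)
    # A database disguised as a photo, header says KDBX 3.1 (version word 0x00030001).
    (root / "photos").mkdir()
    (root / "photos" / "IMG_0001.jpg").write_bytes(
        KDBX_SIGNATURE + struct.pack("<HH", 1, 3) + b"\x00" * 32
    )
    # Right extension, wrong content: the name proves nothing.
    (root / "fake.kdbx").write_bytes(b"just text pretending to be a database")
    (root / "notes.txt").write_bytes(b"hello")


def demo():
    """Build the sample tree in a temp dir and return (basename, version) hits."""
    root = tempfile.mkdtemp(prefix="kdbx-scan-")
    write_sample_tree(root)
    return [(os.path.basename(p), v) for p, v in find_kdbx(root)]


if __name__ == "__main__":
    for name, (major, minor) in demo():
        print(f"{name}: KDBX {major}.{minor}")
```

Nothing in the scan depends on the name: renaming database.kdbx to dbk, hiding it in a photo folder, or giving it another extension leaves the first eight bytes unchanged, so the only thing protecting the contents is the master key and the crypto behind it, exactly as the maintainer says. The `file(1)` utility identifies KeePass databases by the same bytes.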