KeepassXC against malware? #11156
-
|
Hi, I'm not an expert in cybersecurity so pardon my lack of technical understanding. I've been thinking about how dangerous would malware such as infostealers be when I'm using keepassXC. Linus Tech Tip's twitter account has gotten hacked recently and it most likely is another infostealer malware that steals info such as passwords and cookies. Here's a video I watched about the situation from a security channel: https://youtu.be/a8SnlJCUleM?si=pDLek5BgttLb-o15 So if my database is locked, obviously the malware wouldn't be able to unlock it even if it steals the encrypted passwords. However, if my keepass database is unlocked and some malware infects my PC, would it be able to just steal all the passwords stored inside? Or is there some mechanism in place that would be able to protect against this? Thank you! |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 3 replies
-
|
If you have malware actively running on your computer then you should assume that all of your information is compromised. KeePassXC can limit the damage, but if you have lost control of your computer then there is not much any program can do to prevent data loss. |
Beta Was this translation helpful? Give feedback.
-
|
I see. That's a fair assumption. I've been thinking about this because every security expert recommends using a password manager, and I have been using keepassXC for about a year or two by this point. It is definitely more secure to use randomized, long passwords and use the password manager to store/retrieve them. However, the "downside" I commonly hear about is that all your passwords will be behind this one master password. In the event of malware or virus or whatever, is it fair for me to say that it will be potentially more damaging to use a password manager as all passwords will be stolen? Assuming they are able to steal an opened keepass database. To be honest I'm not sure what I'm trying to get at here. I think I'm just thinking of the upsides and downsides of using a password manager, and it is scary to me that all the passwords are stored in just this one file, so if anyone gets their hands on it it's GG. |
Beta Was this translation helpful? Give feedback.
-
|
There's no such thing as "steal an opened keepass database". The decrypted data is only stored in (somewhat protected) memory. The database file itself is always encrypted. When the database is locked, the memory is also cleared as best as possible. If the database is protected with a strong enough passphrase, and someone obtains just the file, it would be nearly impossible to crack. But if you have local malware, it could potentially access the decrypted passwords (and your other data) in all sorts of other ways. If you don't use a password manager, a local malware could just as easily keylog your passwords as you type them manually. Plus your passwords would likely be weaker, and easier to crack individually. |
Beta Was this translation helpful? Give feedback.
-
|
I see. Thank you, that's more or less what I was thinking about. |
Beta Was this translation helpful? Give feedback.
There's no such thing as "steal an opened keepass database". The decrypted data is only stored in (somewhat protected) memory. The database file itself is always encrypted. When the database is locked, the memory is also cleared as best as possible.
If the database is protected with a strong enough passphrase, and someone obtains just the file, it would be nearly impossible to crack. But if you have local malware, it could potentially access the decrypted passwords (and your other data) in all sorts of other ways.
If you don't use a password manager, a local malware could just as easily keylog your passwords as you type them manually. Plus your passwords would likely be weaker, and easier…