Em relação à capacidade de usar ' key files
' com KeePass .
In order to generate the 256-bit key for the block ciphers, the Secure Hash Algorithm SHA-256 is used. This algorithm compresses the user key provided by the user (consisting of password and/or key file) to a fixed-size key of 256 bits. This transformation is one-way, i.e. it is computationally infeasible to invert the hash function or find a second message that compresses to the same hash.
The recently discovered attack against SHA-1 doesn't affect the security of SHA-256. SHA-256 is still considered as being very secure.
(há outra atualização recente , mas Eu acho que essas notícias não são relevantes aqui ). > Para o ponto em questão ,
Key Derivation:
If only a password is used (i.e. no key file), the password plus a 128-bit random salt are hashed using SHA-256 to form the final key (but note there is some preprocessing: Protection against Dictionary Attacks). The random salt prevents attacks that are based on pre-computed hashes.When using both password and key file, the final key is derived as follows: SHA-256(SHA-256(password), key file contents), i.e. the hash of the master password is concatenated with the key file bytes and the resulting byte string is hashed with SHA-256 again. If the key file doesn't contain exactly 32 bytes (256 bits), they are hashed with SHA-256, too, to form a 256-bit key. The formula above then changes to: SHA-256(SHA-256(password), SHA-256(key file contents)).
Se você acha que sua senha será um pouco mais fraca (e melhor para sua memória),
o arquivo-chave é um bom segundo fator .
Então, use os dois (juntos).