Jul 23 2024 10:40 PM
Keepass Portable version (KeePass-2.xx.zip file) | KeePassDX (Android - Latest - Build Free)
Guidelines for Creating Passwords:
1.) *MOST* newer and legacy systems do not support passwords longer than 64 characters as a rule of thumb (or the full range of printable ASCII Characters)
2.) They MUST also Utilize a Cryptographically Secure Pseudorandom Number Generation Scheme (NIST Random Bit Generation Overview -> https://csrc.nist.gov/Projects/Random-Bit-Generation)
3.) Password Generators Should AVOID Introducing Bias Towards one Range of Characters or an Individual Character at ALL COSTS
4.) No whitespaces, and no Control Characters are allowed -> https://www.unicode.org/charts/PDF/U0000.pdf
5.) The maximum range for all printable characters within the Latin ASCII Character set (Unicode,) is 1-94 Characters in BASE10 / Decimal (0-93 in BASE64 / HEX) -> 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz!"#$%&'()*+,-./:;<=>?@[\]^_`{|}~
NOTE: KeePass Seed for Keyfile: 32767 HEX chars (32KB + HASH CRC / Checksum value)
NOTE: VeraCrypt Keyfile: 2^20 (2097152 HEX chars) output directly in raw form to hex editor then save for 1MB file size
NOTE: When using Veracrypt: If a GPT partition on a non-system volume, is created using "Convert GPT" in the Diskpart utility, or with a Diskpart script, delete any reserved partitions on that drive FIRST, and then create a primary partition. This works much better in cross-platform settings, especially with removable drives / mass storage devices, and it also wastes less space.
Useful Links for Password Management on Older Versions of Windows, MS-DOS, PC-DOS, FreeDOS, CP/M, OS/2, some Unix / Linux variants:
Windows Wordpad/Microsoft Word/Office Standards -> https://docs.microsoft.com/en-us/openspecs/standards_support
Windows Code Page 1252 / IBM 437 (Informal standard found in most early x86 PCs and IBM AT/XT clones)
ISO 8859-1 (Standardized version of IBM437) -> https://docs.microsoft.com/en-us/windows/win32/intl/code-pages
Code Page Identifiers -> https://docs.microsoft.com/en-us/windows/win32/intl/code-page-identifiers
ISO/IEC 8859-1:1998 -> https://webstore.iec.ch/publication/11730
Unicode Character Code Charts -> https://www.unicode.org/charts/
Guidelines for Creating a Manual Password List Printout / Sheet / Card:
1.) Always use a monospaced font with a slashed zero
2.) Choose Size 9-10 in Regular or Bold
3.) Examples: Consolas, Cascadia Code, Monaco, Menlo, Roboto Mono, PT Mono, etc -> https://en.wikipedia.org/wiki/List_of_monospaced_typefaces
START:
___PW:
-------0123456789----------0123456789--
+++++++----------++++++++++----------++
CONSOLAS BOLD 12PT < DELETE THIS LINE AFTER
START:
___PW:
-------0123456789----------0123456789--0123456789----------0123456789--
+++++++----------++++++++++----------++----------++++++++++----------++
CONSOLAS BOLD 12PT < DELETE THIS LINE AFTER
Post-Installation Guide for KeePass / KeePassDX ->
Enable FIPS 140 Mode: KeePass.chm -> Technical FAQ - PG# 37/40 -> If all your PCs have the .NET Framework 4.8 or higher installed, you can enable the usage of FIPS-validated algorithm implementations by opening the 'KeePass.exe.config' file using a text editor and deleting the line '<enforceFIPSPolicy enabled="false" />'.
Options -> Security -> Clipboard auto-clear time (seconds; main entry list): 5
Options -> Security -> General -> Lock workspace when locking the computer or switching the user
Options -> Security -> General -> Lock workspace when the computer is about to be suspended
Options -> Security -> General -> Lock workspace when the remote control mode changes
Options -> Security -> Clipboard (Main Entry List) -> Clear clipboard when closing KeePass
Options -> Security -> Clipboard (Main Entry List) -> Do not store data in the Windows clipboard history and the cloud clipboard
Options -> Security -> Clipboard (Main Entry List) -> use 'Clipboard Viewer Ignore' clipboard format
Options -> Security -> Advanced -> Use native library for faster key transformations
Options -> Security -> Advanced -> Enter master key on secure desktop
Options -> Security -> Advanced -> Clear master key command line parameters after using them once
Options -> Security -> Advanced -> Remember master password (in encrypted form) of a database while it is open
Options -> Policy -> Plugins
Options -> Policy -> Auto-Type
Options -> Policy -> Auto-Type - Without Context
Options -> Interface -> Main Window -> Minimize to tray instead of taskbar
Options -> Interface -> Main Window -> Minimize main window after performing auto-type
Options -> Interface -> Main Window -> Minimize main window after locking the workspace
Options -> Interface -> Main Window -> Hide 'Close Database' toolbar button when at most one database is open
Options -> Interface -> Entry List -> Use alternating item background colors
Options -> Interface -> Entry List -> When selecting an entry, automatically select its parent group, too
Options -> Interface -> Entry List -> When showing dereferenced data, additionally show references
Options -> Interface -> Dialogs -> Show confirmation dialog when moving entries/groups to the recycle bin
Options -> Interface -> Dialogs -> Show results of database maintenance in a dialog
Options -> Interface -> Dialogs -> Show confirmation dialog when opening a database file whose minor format version is unknown
Options -> Interface -> Advanced -> Require password repetition only when hiding using asterisks is enabled
Options -> Interface -> Remember recently used files: 1
Options -> Integration -> System-wide hot keys -> Global auto-type: None
Options -> Integration -> System-wide hot keys -> Global auto-type - password only: None
Options -> Integration -> System-wide hot keys -> Auto-type selected entry: Ctrl+Alt+Shift+A
Options -> Integration -> System-wide hot keys -> Show KeePass window: None
Options -> Advanced -> Start and Exit -> Remember and automatically open last used database on startup
Options -> Advanced -> Start and Exit -> Limit to single instance
Options -> Advanced -> Start and Exit -> Start minimized and locked
Options -> Advanced -> Auto-Type -> Always show global auto-type entry selection dialog
Options -> Advanced -> Auto-Type - Sending -> Prepend special initialization sequence for Internet Explorer windows
Options -> Advanced -> Auto-Type - Sending -> Send Alt keypress when only the Alt modifier is active
Options -> Advanced -> Auto-Type - Sending -> Ensure same keyboard layouts during auto-type
Options -> Advanced -> Auto-Type - Sending -> Allow interleaved sending of keys
Options -> Advanced -> Auto-Type - Sending -> Cancel auto-type when the target window changes
Options -> Advanced -> Auto-Type - Sending -> Cancel auto-type when the target window title changes
Options -> Advanced -> File Input/Output Connections -> Verify written file after saving a database
Options -> Advanced -> File Input/Output Connections -> Use file transactions for writing databases
Options -> Advanced -> File Input/Output Connections -> Use file transactions for writing configuration settings
Options -> Advanced -> File Input/Output Connections -> Extra-safe file transactions (slow)
Options -> Advanced -> Automatically search key files
Options -> Advanced -> Remember key sources (key file paths, provider names, ...)
Options -> Advanced -> Remember working directories
Options -> Advanced -> Remember password hiding setting in the main window
Options -> Advanced -> Remember password hiding setting in the entry editing dialog
Options -> Advanced -> Mark TAN entries as expired when using them
Misc: Enable Rearranging Entries: View -> Sort By -> No Sort
NOTE: The following 4 settings must be Enabled to modify or create a new Database, though after any changes are saved, they must be disabled before exiting the program
NOTE: New changes require you to selectively enable these settings, without entering in the master key, and then restart the program
1.) Options -> Policy -> New Database
2.) Options -> Policy -> Save Database
3.) Options -> Policy -> Change Master Key
4.) Options -> Policy -> Change Master Key - No Key Repeat
File -> New...
Database Settings -> General -> Database name
Database Settings -> Security -> Database file encryption algorithm: AES/Rijndael (256-bit key, FIPS 197)
Database Settings -> Security -> Key derivation function: AES-KDF
Database Settings -> Security -> Iterations:
Example Iterations:
Start Menu -> Run -> Calc
Calc -> Menu -> Scientific
Calc -> 2 -> xY (exponent) -> 20 -> = -> 1048576 -> M+ (Memory add)
1.) Calc -> MR (Memory recall) -> x or * (multiply) -> 64 -> = -> 67108864 ( Average Delay Time -> Multicore PC: 1-2 Seconds )
1A.) Calc -> C (Clear) or CE (Clear Entry) then C (Clear)
2.) Calc -> MR (Memory recall) -> x or * (multiply) -> 128 -> = -> 134217728 ( Average Delay Time -> Multicore PC: 2-2.5 Seconds )
2A.) Calc -> C (Clear) or CE (Clear Entry) then C (Clear)
3.) Calc -> MR (Memory recall) -> x or * (multiply) -> 256 -> = -> 268435456 ( Average Delay Time -> Multicore PC: 4-4.5 Seconds )
3A.) Calc -> C (Clear) or CE (Clear Entry) then C (Clear)
4.) Calc -> MR (Memory recall) -> x or * (multiply) -> 384 -> = -> 402653184 ( Average Delay Time -> Multicore PC: 7-7.5 Seconds )
4A.) Calc -> C (Clear) or CE (Clear Entry) then C (Clear)
5.) Calc -> MR (Memory recall) -> x or * (multiply) -> 512 -> = -> 536870912 ( Average Delay Time -> Multicore PC: 9-9.5 Seconds )
5A.) Calc -> C (Clear) or CE (Clear Entry) then C (Clear)
6.) Calc -> MR (Memory recall) -> x or * (multiply) -> 768 -> = -> 805306368 ( Average Delay Time -> Multicore PC: 14-14.5 Seconds )
6A.) Calc -> C (Clear) or CE (Clear Entry) then C (Clear)
7.) Calc -> MR (Memory recall) -> x or * (multiply) -> 1024 -> = -> 1073741824 ( Average Delay Time -> Multicore PC: 18-19.5 Seconds )
7A.) Calc -> C (Clear) or CE (Clear Entry) then C (Clear)
8.) Calc -> MR (Memory recall) -> x or * (multiply) -> 1536 -> = -> 1610612736 ( Average Delay Time -> Multicore PC: 28-28.5 Seconds )
8A.) Calc -> C (Clear) or CE (Clear Entry) then C (Clear)
9.) Calc -> MR (Memory recall) -> x or * (multiply) -> 2048 -> = -> 2147483648 ( Average Delay Time -> Multicore PC: 37-38.5 Seconds )
9A.) Calc -> C (Clear) or CE (Clear Entry) then C (Clear)
10.) Calc -> MR (Memory recall) -> x or * (multiply) -> 4096 -> = -> 4294967296 ( Average Delay Time -> Multicore PC: 75-76 Seconds )
10A.) Calc -> MC (Memory Clear)
10B.) Calc -> C (Clear) or CE (Clear Entry) then C (Clear)
11.) Calc -> Edit -> History -> Clear
11A.) Alternate: Calc -> Right Panel (History Tab) -> Trash Can icon in the bottom right corner (Clear)
NOTE: On most mid-range smartphones, ranges 3-7 can often take anywhere between 2-10 minutes to decrypt
Database Settings -> Compression: Gzip
Database Settings -> Advanced -> Limit number of history items per entry: 0
Database Settings -> Advanced -> Limit history size per entry (MB): 0
Database -> Right Click -> Add Group...
NOTE: More sensitive passwords typically only work with Option #2, and require Two-channel auto-type obfuscation to be disabled
NOTE: Most things work with Option #2 and Two-channel auto-type obfuscation enabled in a browser
NOTE: Option #1 works with the majority of logins for game launchers and other similar software
NOTE: In most situations, Option #2 with Two-channel auto-type obfuscation enabled will be the default choice
Option #1 -> Add Group -> Auto-Type -> Override default sequence -> {USERNAME}{TAB}{PASSWORD}{ENTER}
Option #2 -> Add Group -> Auto-Type -> Override default sequence -> {PASSWORD}
Database -> <Entry Name> -> Edit Entry...
Edit Entry -> Username
Edit Entry -> Password
Edit Entry -> Repeat
NOTE: The easiest way to set it up is assign groups with a special ruleset so post-setup configuration is easier later on
Edit Entry -> Auto-Type -> Enable auto-type for this entry
Edit Entry -> Auto-Type -> Inherit default auto-type sequence from group
NOTE: In some cases you might have to bypass the rules for individual entries to maintain a cohesive layout within the group
NOTE: This is if the software does not allow you to tab between fields, or copy paste (security software is like this.)
Option #1 -> Edit Entry -> Auto-Type -> Override default sequence -> {USERNAME}{TAB}{PASSWORD}{ENTER}
Option #2 -> Auto-Type -> Override default sequence -> {PASSWORD}
NOTE: You have to manually enable or disable this for each entry within each group:
Edit Entry -> Auto-Type -> Two-channel auto-type obfuscation
Practical Considerations / Choices for the Most Frequently Used KeePass Group Settings Templates / Layouts:
1.) Most common for computer software on a desktop / laptop (2.) Common for browser logins, and some computer software, which is easier to use in conjunction with the "Auto-Type Selected entry" hotkey combination
3.) Most common for security software / programs / poorly-designed web page logins (4.) The least common type of group layout
NOTE: If you are using KeePass to create a database to export to KeePassDX, layout #2 or #3 save the most time when manually editing entries.
1A.) ENABLE: Add Group -> Auto-Type -> Override default sequence -> {USERNAME}{TAB}{PASSWORD}{ENTER}
1B.) ENABLE: Edit Entry -> Auto-Type -> Enable auto-type for this entry
1C.) ENABLE: Edit Entry -> Auto-Type -> Inherit default auto-type sequence from group
1D.) ENABLE: Edit Entry -> Auto-Type -> Two-channel auto-type obfuscation
2A.) ENABLE: Add Group -> Auto-Type -> Override default sequence -> {PASSWORD}
2B.) ENABLE: Edit Entry -> Auto-Type -> Enable auto-type for this entry
2C.) ENABLE: Edit Entry -> Auto-Type -> Inherit default auto-type sequence from group
2D.) ENABLE: Edit Entry -> Auto-Type -> Two-channel auto-type obfuscation
3A.) ENABLE: Add Group -> Auto-Type -> Override default sequence -> {PASSWORD}
3B.) ENABLE: Edit Entry -> Auto-Type -> Enable auto-type for this entry
3C.) ENABLE: Edit Entry -> Auto-Type -> Inherit default auto-type sequence from group
3D.) DISABLE: Edit Entry -> Auto-Type -> Two-channel auto-type obfuscation
4A.) ENABLE: Add Group -> Auto-Type -> Override default sequence -> {USERNAME}{TAB}{PASSWORD}{ENTER}
4B.) ENABLE: Edit Entry -> Auto-Type -> Enable auto-type for this entry
4C.) ENABLE: Edit Entry -> Auto-Type -> Inherit default auto-type sequence from group
4D.) DISABLE: Edit Entry -> Auto-Type -> Two-channel auto-type obfuscation
File -> Save
Disable: Options -> Policy -> New Database
Disable: Options -> Policy -> Save Database
Disable: Options -> Policy -> Change Master Key
Disable: Options -> Policy -> Change Master Key - No Key Repeat
Right-Click System Tray Icon -> Lock Workspace
File -> Exit
KeePassDX -> Gear Icon (Top Right Corner) -> App settings
Enable: Delete password
Disable: Write-protected
Enable: Keep screen on
Enable: Show lock button
Generated Password size: 64
Enable: Hide passwords
Enable: Remember databases locations
Enable: Remember keyfile locations
Enable: Show recent files
Enable: Hide broken database links
KeePassDX -> Gear Icon (Top Right Corner) -> Form filling
Device keyboard settings -> Manage Keyboards -> ENABLE: Magikeyboard (KeePassDX)
Enable: Magikeyboard settings -> Entry: Entry selection
Enable: Magikeyboard settings -> Keys: Auto key action
Optional: Enable: Magikeyboard settings -> Switch Keyboard: Auto key action
Enable: Autofill settings -> Manual selection
KeePassDX -> Gear Icon (Top Right Corner) -> Advanced unlocking
Enable: Device credential unlocking
Enable: Auto-open prompt
Delete encryption keys (useful only if you have to generate / import a new database layout)
NOTE: After you reboot the device / smartphone, you have to log into the database, making sure to tap the orange circle emblazoned with a lightning bolt afterwards
NOTE: Save your database ( 3 vertical dots in the top-right corner -> Save data )
KeePassDX -> Gear Icon (Top Right Corner) -> App settings
Enable: Write-protected (Only Enable after saving a working configuration)
NOTE: The Following List Describes a Process for Inputting Database Entries into the Password Field on a Login Screen / Prompt / Form:
1.) Enter in the username for the login credentials if necessary / based on entry / group layout
3.) Enable the keyboard using the following line below
3A.) Settings (Android UI) -> Language & input -> Current keyboard -> Switch from Gboard to Magikeyboard (KeePassDX)
2.) Switch to KeePassDX and select the entry from the database
4.) Switch back to the login screen on the app and click the button with 3 stars / asterisks on it ( *** )