I use a keepass password manager with a master password of more than 100 bits. I keep the password file in cloud storage. If an attacker has my password file, it should be difficult for them to brute force the password. Suppose that they have additionally cracked my password for one or more accounts that I have in my password manager, perhaps due to server-side security breaches. Will this help them to crack the master password?
Asked
Active
Viewed 244 times
2
-
How do you think would be able to achieve that? – yeah_well Jul 11 '19 at 08:50
-
@VipulNair I don't know, which is why I ask. Something similar helped the Enigma folks, but contemporary encryption is more advanced. – gerrit Jul 11 '19 at 08:51
-
Can you share the link of that?I will read up – yeah_well Jul 11 '19 at 08:53
-
From wikipedia and from learncryptography.com. – gerrit Jul 11 '19 at 08:55
-
2The attacks the Enigma was vulnerable to are called known-plaintext attacks, because the designers didn't want it to ever encrypt a letter to itself (presumably out of a misguided attempt to increase security...). No modern, accepted encryption algorithms are vulnerable to that type of attack. – Jul 11 '19 at 14:31
1 Answers
2
No, knowing one or multiple passwords doesn't compromise a master password, no matter if these known passwords are derived from the master password or have been generated by the application itself. Here is a nice answer about how hard it actually is to crack a Keepass master password.
As for the comments about Enigma: Enigma doesn't make use of any master password and has been cracked using other methods, see cryptanalysis of the Enigma.
AleksanderCH
- 731
- 4
- 11
- 23