Handling AutoOpen Entries

Jun 28, 2013 at 6:21 PM
Edited Jun 28, 2013 at 6:47 PM
From the SourceForge KeePass discussion at https://sourceforge.net/p/keepass/discussion/329220/thread/49340fda/
I might at least add the feature that when an entry within the AutoOpen group is selected, the database from the entry is opened. However, this means that the main database would be closed. Search across different files wouldn't work either.
That would definitely be a useful function for people who use multiple databases (to reduce sync overhead, to allow some passwords to be selectively shared, etc.). It would reduce the usefulness of QuickUnlock, though (if the above feature is added) there are ways to work around that:
  1. The master database (consisting of AutoOpen entries for child databases that contain the actual passwords) can be given a relatively short password, mitigating the security risk by use of a keyfile unique to the mobile device and by setting "Encryption Rounds" as high as the mobile device can handle without excessively slowing down access to the master database (to slow brute-force attacks).
  2. Include an option in the Keepass2Android keyboard special key for saving/typing a character string (stored in volatile memory). Using the string as part of the password basically acts as a small second keyfile that gets erased whenever the device is shut down.
  3. Give each of the keys (at least each of the main alpha keys) a long-press and/or double-tap option (along the lines of the way the shared comma-period key works). This would make it easier to mix in uppercase and special characters by avoiding the need for another keypress, thus greatly increasing the difficulty of brute-forcing a moderate-length key.
Another suggestion: If this feature is implemented, I'd recommend having it work for any entry that is formatted correctly (i.e. the URL is the name of a KeePass database), whether or not it is in the AutoOpen group. That way, a database could include mobile-clickable links without necessarily loading all those databases when opened in desktop KeePass. I'm not sure whether this makes the implementation harder (recognizing the KeePass database URL), or easier (not bothering to check whether an entry is in the AutoOpen group).