Name of Software/Product
Keepass 2.29
Advantages
Secure desktop passed all test.
Two-Channel auto-type obfuscation revealed a small portion of password.
Disadvantages
Keepass's default method of data entry is vulnerable to keyloggers.
Joined
May 12, 2015
Messages
2
#1
Bottom Line
Enable non-default settings to help prevent data theft.
Hello, friends of Malwaretips! I was curious about Keepass's ability to keep my passwords safe primarily when entering my account credentials, and decided to look into a couple non-default settings. The two functions I checked out are secure desktop and two-channel auto-type obfuscation. I will compare these to Keepass's default data entry methods: default master password entry, copying username and password then pasting, and default auto-type.

The first of the two functions is Keepass's secure desktop. This non-default setting suppresses applications and programs that are running on your computer when you enter your master key at startup. Your desktop is greyed out, and you are greeted with a normal box to type in your master password. Once entered, the greyed out desktop goes away and you may enjoy regular computer usage again. You may read more about its weaknesses, limitations, and compatibilities here. http://keepass.info/help/kb/sec_desk.html

This can be enabled by going through Tools > Options > Enter master key on secure desktop.



This is what it looks like when enabled.



Next on our adventure is Keepass's two-channel auto-type obfuscation! What this does is when auto-typing your credentials in a form the program randomly pastes and types in your credentials. This is much better than the alternatives like copying and pasting and the default auto-type. This option is enabled on an account by account basis. More indepth information may be read here. http://keepass.info/help/v2/autotype_obfuscation.html

Enable it by right clicking on an account > Edit/View Entry > Auto-Type > Two-channel auto-type obfuscation.



Next, is the setup. I put Keepass 2.29 up against five keyloggers: Actual Keylogger, Any Keylogger, Award Keylogger Pro, Elite Keylogger, Kidlogger, and Spyrix Personal Monitor. Unfortunately, I did not write down what versions the Keyloggers were. I tested these in VirtualBox's virtual machine environment with Windows 8.1 64-bit. I tested Keepass against one keylogger at a time, and when I finished testing the keylogger I loaded a clean virtual machine.

This paragraph focuses on the key to the table below. The colors are from the point of view if you were using Keepass. The text describes what the keylogger did. Red means that the keylogger was able to capture the credentials entered. Orange means that the keylogger captured a small portion of the username and password that is in a random order. So, if my username is Michael123, keyloggers will capture something like hc32M. Lastly, the green color signifies that the keylogger did not capture any information.




Conclusion
Overall, the default ways to enter username and passwords from Keepass should not be trusted. Users should switch to the secure desktop, and use two-channel auto-type obfuscation whenever they can. Copying and pasting your credentials should never be used. With regards to the two-channel auto-type obfuscation, weaker passwords are easier to find out because part of the password is revealed to the keylogger. The longer your password is, less is revealed when using two-channel auto-type obfuscation.
 
Last edited:
H

hjlbx

Guest
#2
I don't trust any software - especially antivirus software against keyloggers. Time and time again I see them fail - especially on 64-bit systems.

Anti-keylog protections are pretty much non-existent from what I see...
 

Oxygen

Level 42
Verified
Joined
Feb 23, 2014
Messages
3,132
Operating System
Windows 10
Antivirus
Emsisoft
#3
I don't trust any software - especially antivirus software against keyloggers. Time and time again I see them fail - especially on 64-bit systems.

Anti-keylog protections are pretty much non-existent from what I see...
I agree with this seeing as they fail most of the time anyways.
 

jamescv7

Level 61
Verified
Joined
Mar 15, 2011
Messages
12,637
Operating System
Windows 10
Antivirus
Windows Defender
#4
Most antivirus only take it for granted like providing virtual keyboard which aren't sure how it can secure from keystrokes for maintainance besides detection based.
 

bjm_

Level 4
Verified
Joined
May 17, 2015
Messages
175
Operating System
Windows 10
Antivirus
Windows Defender
#5
Why not simply Encrypt Master Key
Enter Master Key.png