Keepass Vs. Keyloggers

Product name
Keepass 2.29
Pros
  • Secure desktop passed all test.
    Two-Channel auto-type obfuscation revealed a small portion of password.
CONS
Keepass's default method of data entry is vulnerable to keyloggers.
BOTTOM LINE
Enable non-default settings to help prevent data theft.

LightningBouquet

New Member
Thread author
May 12, 2015
2
Hello, friends of MalwareTips! I was curious about Keepass's ability to keep my passwords safe primarily when entering my account credentials, and decided to look into a couple non-default settings. The two functions I checked out are secure desktop and two-channel auto-type obfuscation. I will compare these to Keepass's default data entry methods: default master password entry, copying username and password then pasting, and default auto-type.

The first of the two functions is Keepass's secure desktop. This non-default setting suppresses applications and programs that are running on your computer when you enter your master key at startup. Your desktop is greyed out, and you are greeted with a normal box to type in your master password. Once entered, the greyed out desktop goes away and you may enjoy regular computer usage again. You may read more about its weaknesses, limitations, and compatibilities here. http://keepass.info/help/kb/sec_desk.html

This can be enabled by going through Tools > Options > Enter master key on secure desktop.
XoWtxmF.png



This is what it looks like when enabled.
rc8pNIz.png



Next on our adventure is Keepass's two-channel auto-type obfuscation! What this does is when auto-typing your credentials in a form the program randomly pastes and types in your credentials. This is much better than the alternatives like copying and pasting and the default auto-type. This option is enabled on an account by account basis. More indepth information may be read here. http://keepass.info/help/v2/autotype_obfuscation.html

Enable it by right clicking on an account > Edit/View Entry > Auto-Type > Two-channel auto-type obfuscation.
1sKIkw6.png



Next, is the setup. I put Keepass 2.29 up against five keyloggers: Actual Keylogger, Any Keylogger, Award Keylogger Pro, Elite Keylogger, Kidlogger, and Spyrix Personal Monitor. Unfortunately, I did not write down what versions the Keyloggers were. I tested these in VirtualBox's virtual machine environment with Windows 8.1 64-bit. I tested Keepass against one keylogger at a time, and when I finished testing the keylogger I loaded a clean virtual machine.

This paragraph focuses on the key to the table below. The colors are from the point of view if you were using Keepass. The text describes what the keylogger did. Red means that the keylogger was able to capture the credentials entered. Orange means that the keylogger captured a small portion of the username and password that is in a random order. So, if my username is Michael123, keyloggers will capture something like hc32M. Lastly, the green color signifies that the keylogger did not capture any information.

D4qU5u9.png



Conclusion
Overall, the default ways to enter username and passwords from Keepass should not be trusted. Users should switch to the secure desktop, and use two-channel auto-type obfuscation whenever they can. Copying and pasting your credentials should never be used. With regards to the two-channel auto-type obfuscation, weaker passwords are easier to find out because part of the password is revealed to the keylogger. The longer your password is, less is revealed when using two-channel auto-type obfuscation.
 
Last edited:
H

hjlbx

I don't trust any software - especially antivirus software against keyloggers. Time and time again I see them fail - especially on 64-bit systems.

Anti-keylog protections are pretty much non-existent from what I see...
 

Oxygen

Level 44
Verified
Feb 23, 2014
3,316
I don't trust any software - especially antivirus software against keyloggers. Time and time again I see them fail - especially on 64-bit systems.

Anti-keylog protections are pretty much non-existent from what I see...

I agree with this seeing as they fail most of the time anyways.
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
Most antivirus only take it for granted like providing virtual keyboard which aren't sure how it can secure from keystrokes for maintainance besides detection based.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top