KeePass: AES-256 Encrypted Database and Key File Setup

Last updated: 15/10/2025
Author: Isaac
  • Strong encryption and KDF: AES-256/ChaCha20 with Argon2 or a well-calibrated AES-KDF protects the entire database.
  • Full control: local, portable, and mobile options; sync via the cloud or portable USB devices, depending on your model.
  • Strong factors: a long master password and, where applicable, a key file on a separate device.
  • Secure productivity: Auto-Type, integrations, and triggers streamline workflows without sacrificing security.

Setting up KeePass with AES-256 encryption

If you manage many accounts and services, you will know that memory is limited; that is why a manager like KeePass is pure gold. It centralizes your passwords in an encrypted database and asks you for just one "key" to open the vault: your master key (and a key file).

In this guide we have compiled the most useful and up-to-date information from several reference sources so that you have everything in one place. You will see how to install, configure and get the most out of KeePass (and its ecosystem), how to harden the KDF (AES-KDF and Argon2), when to use a key file, how to import from Excel/Chrome, how to sync securely and what to do on mobile, plus tricks such as Auto-Type, Secure Desktop, Triggers, and more.

What is KeePass and how does it protect your database?

KeePass is a free, open-source password manager that stores all your credentials in a protected .kdbx file. The database is encrypted end to end and opens only with the combination you define: a password, a key file and/or your Windows account (the last of these is not the most flexible option).

As for encryption, KeePass 2.x supports AES-256 (Rijndael), ChaCha20 and Twofish, all widely audited algorithms. It also guarantees integrity with HMAC-SHA-256 (an Encrypt-then-MAC scheme), which prevents tampering without your knowledge.

Besides encrypting on disk, at runtime it protects memory with DPAPI on Windows (or ChaCha20 when that is unavailable) and wipes sensitive areas when they are no longer needed. It does not expose usernames/URLs in plaintext in the file: all of that content is encrypted.

A key detail is the key derivation that happens before the content is encrypted: first, the unlock components (password/key file/etc.) are combined with SHA‑256 to obtain K; K is then passed through a KDF to make guessing harder.

Installation on Windows, Linux, macOS and mobile

On the desktop, download it from the official website and choose the installer or the portable version. The Professional 2.x edition is the most complete (plugins, custom fields, opening by URL, advanced synchronization, etc.). 1.x is still alive but limited.

On Windows, the wizard is always much the same: language, license, path, components, and additional tasks. You can enable update checking to learn about security and feature improvements.

There is no official mobile app, but there are excellent clients: on Android, Keepass2Android and KeePassDroid stand out; on iOS, Strongbox and KeePassium. These let you open .kdbx files and integrate autofill, Face ID/fingerprint, and TOTP.

If you prefer a native cross-platform experience with a modern interface, look at KeePassXC, a Linux/macOS/Windows fork of KeePass that adds browser integration and TOTP, among other improvements.

Creating your first database: security and options

When you create a .kdbx, KeePass will ask you to define the unlock method. The most balanced option is a strong master password and, if you want to take things to the next level, a key file kept on a separate device.

The password must be long and unpredictable; a long passphrase works very well. Avoid patterns and reuse, and do not store it where it could fall into the wrong hands. You can print an emergency sheet, but keep it safe.

Under "Security," choose the encryption (AES-256 or ChaCha20) and the KDF. AES-KDF allows fine-grained tuning (more = slower attacks), and Argon2 adds memory-dependent hardness against GPUs/ASICs. Set the "one second delay" as a reference on your machine.

Other useful tabs: "Compression" (GZip does no harm and helps), "Recycle Bin" (prevents fatal deletions), and "Advanced" (history, maximum size, reminders to change the master key, etc.).

Encryption and Argon2 settings in KeePass

Store and use your first credentials

KeePass creates default groups (Internet, email, Windows, etc.) that you can customize. To add an entry, use "Add Entry" and fill in the title, username, password (you can generate one), URL, and notes.

To use a password you have several options: double-click to copy it temporarily to the clipboard (it expires within seconds), open the entry and reveal it, or use Auto-Type to have KeePass type the username/password into the active window as a keystroke sequence.

If the login has additional fields, adjust the Auto-Type sequence per entry (for example, {USERNAME}{TAB}{PASSWORD}{TAB}{ENTER}). There is also "Two-Channel Auto-Type Obfuscation" to obfuscate the input against simple keyloggers.

A powerful trick: "URL Scheme Overrides". It lets you launch programs such as PuTTY or MSTSC with parameters and credentials taken directly from the entry, or open URLs in your preferred browser by scheme.

Importing from Excel and Google Chrome

If you are coming from an Excel file, first convert it to CSV with the appropriate delimiter (usually ";" on localized systems). Use the "Generic CSV Importer", map the columns to KeePass fields, and preview before finishing. You can reorganize the entries into groups afterwards.

From Chrome, export the passwords to CSV (note: the file stays unencrypted for as long as it exists). In KeePass, "Import" → "Google Chrome Passwords" CSV format, select the file, and that is it. Do not forget to securely delete the CSV, including from the trash.

Encryption, KDF, and parameters: AES-256, ChaCha20, Twofish, AES-KDF, and Argon2

KeePass encryption protects all content (usernames, URLs, notes, attachments) with AES-256, ChaCha20 or Twofish. CBC mode with a random IV on every save prevents patterns between copies.

Before encryption, the composite key is reduced to 256 bits using SHA‑256 and then the KDF is applied. AES-KDF scales linearly with the number of iterations (easy to tune, less GPU resistance). Argon2 brings memory hardness and tunable parallelism.

Argon2d or Argon2id? KeePass favors Argon2d for GPU/ASIC resistance on the client. Argon2id is a hybrid and adds side-channel protection; if you use the database on shared or untrusted devices, Argon2id may be the more balanced choice.

Practical tip: use the "1 second" button on your main device and check that the unlock time is acceptable on your other devices (including mobile). If you can afford 1–2 s per unlock, so much the better.
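
To confirm which cipher and KDF parameters a database actually carries, you can read the unencrypted outer header of the file. The following is an added example, not code from the original article or from the KeePass project; the field IDs, identifier values and dictionary layout are those of the KDBX 4 format (older KDBX 3.x files are rejected), and the sample header is constructed for the demonstration.

```python
import struct

# Identifiers defined by the KDBX 4 format (raw 16-byte values, shown as hex).
CIPHERS = {"31c1f2e6bf714350be5805216afc5aff": "AES-256",
           "d6038a2b8b6f4cb5a524339a31dbb59a": "ChaCha20",
           "ad68f29f576f4bb9a36ad47af965346c": "Twofish"}
KDFS = {"c9d9f39a628a4460bf740d08c18a4fea": "AES-KDF",
        "ef636ddf8c29444b91f7a9a403e30a0c": "Argon2d",
        "9e298b1956db4773b23dfc3ec6f0a1e6": "Argon2id"}
NUMERIC = {"M": "memory_bytes", "I": "iterations", "P": "parallelism", "R": "rounds"}

def parse_variant_dict(buf):
    out, pos = {}, 2                          # skip the 2-byte dictionary version
    while buf[pos] != 0:                      # a type byte of 0 ends the dictionary
        (nlen,) = struct.unpack_from("<i", buf, pos + 1)
        name = buf[pos + 5:pos + 5 + nlen].decode()
        (vlen,) = struct.unpack_from("<i", buf, pos + 5 + nlen)
        pos += 9 + nlen + vlen                # type + two length fields + name + value
        out[name] = buf[pos - vlen:pos]
    return out

def audit_kdbx4_header(data):
    sig1, sig2, _minor, major = struct.unpack_from("<IIHH", data, 0)
    if (sig1, sig2) != (0x9AA2D903, 0xB54BFB67) or major != 4:
        raise ValueError("not a KDBX 4 file")
    report, pos = {}, 12
    while True:
        fid, flen = struct.unpack_from("<BI", data, pos)   # 1-byte id, 4-byte length
        body = data[pos + 5:pos + 5 + flen]
        pos += 5 + flen
        if fid == 0:                          # end-of-header field
            return report
        if fid == 2:                          # CipherID
            report["cipher"] = CIPHERS.get(body.hex(), "unknown")
        elif fid == 11:                       # KdfParameters
            kdf = parse_variant_dict(body)
            report["kdf"] = KDFS.get(kdf["$UUID"].hex(), "unknown")
            report.update({NUMERIC[k]: int.from_bytes(v, "little") for k, v in kdf.items() if k in NUMERIC})

def _field(fid, body):
    return struct.pack("<BI", fid, len(body)) + body

def _item(vtype, name, value):
    return bytes([vtype]) + struct.pack("<i", len(name)) + name.encode() + struct.pack("<i", len(value)) + value

# Constructed sample header (not from a real database): ChaCha20 + Argon2d, 64 MiB, 10 iterations.
_KDF = (b"\x00\x01" + _item(0x42, "$UUID", bytes.fromhex("ef636ddf8c29444b91f7a9a403e30a0c"))
        + _item(0x05, "M", struct.pack("<Q", 64 << 20)) + _item(0x05, "I", struct.pack("<Q", 10))
        + _item(0x04, "P", struct.pack("<I", 2)) + b"\x00")
SAMPLE = (struct.pack("<IIHH", 0x9AA2D903, 0xB54BFB67, 1, 4) + _field(2, bytes.fromhex("d6038a2b8b6f4cb5a524339a31dbb59a"))
          + _field(11, _KDF) + _field(0, b"\r\n\r\n"))
```

For a real database, pass the file's bytes (read in binary mode) to `audit_kdbx4_header`; only the public header is parsed, so no key material is needed.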

Key file vs. master password: which is better and how to use it

A key file adds a second, offline factor that an attacker cannot guess with a dictionary. It is stronger than a password alone, but it carries a risk: if you lose it or it changes even slightly, you are locked out of your vault.

Good practice with a key file: keep it on a separate device (USB drive), make encrypted copies, do not upload it to the same cloud as the .kdbx, and avoid obvious paths. On mobile, leave it in internal storage encrypted by the system, not on the SD card.

A key file as the only factor? It works, but it reduces fault tolerance. The combination of password + key file provides layered protection and lets you stay in if one copy of the key file fails.

On size: KeePass key files are small by design; their effective entropy does not depend on their weight in KB but on their random bits. You do not need to "make it 10 KB" for it to be secure.

Synchronization and backup: cloud, WebDAV/FTP, USB, and Triggers

You can store the .kdbx on services such as Drive, Dropbox, OneDrive, iCloud or a WebDAV/FTP server. The file is encrypted end to end, so access to your cloud does not reveal the content without the composite key.

Risks and mitigations: use 2FA on the cloud account, do not share links, and consider additionally encrypting a ZIP with a separate key if you will be handling several databases/attachments. Avoid editing the same database on two devices at the same time.

If you prefer not to depend on the internet, a USB drive with the portable version and the database works very well. KeePass allows opening by URL and plugins such as KeeCloud / Sync for S3 / Dropbox, but configure them carefully.

Automate tasks with the "Triggers" system: on save you can export a copy, start a synchronization, or run scripts. This is useful for keeping a history or sending a backup to a secure location.

Advanced features: Secure Desktop, memory, entropy, and Auto-Type

Enable entering the master key on a "Secure desktop" (Tools → Options → Security) to reduce the risk from keyloggers during unlock sessions; it is disabled for compatibility reasons.

To generate reliable credentials, KeePass collects system entropy (timings, movements, GUIDs, etc.) and uses a CSPRNG based on SHA‑256/SHA‑512 and ChaCha20. Add manual entropy if you see fit.

In memory, the application encrypts sensitive data and clears it when it is no longer needed, relying on DPAPI / ProtectedMemory on Windows. However, if you reveal a password on screen or copy it, the operating system may keep temporary copies.

The "Auto-Type" integration saves typing and mistakes; create sequences per service, add delays ({DELAY 1000}), and use two-channel obfuscation when appropriate. You can also launch RDP/SSH logins from templates.

KeePass on mobile and the supported factors

On Android, Keepass2Android and KeePassDroid open .kdbx files with Argon2/AES-KDF, generate passwords, integrate autofill, and can sync with the cloud. On iOS, Strongbox and KeePassium support Face ID/Touch ID, TOTP, and iCloud/Files storage.

KeePassium stands out for its free mode with the essentials and a Premium option for extras. Both platforms allow integrated TOTP, so you can store the seeds and generate temporary codes without depending on another app.

Differences between KeePass 1.x and 2.x

The 1.x branch is lightweight but cuts features: no full Unicode, no opening by URL or synchronization, limited printing, and little extensibility. 2.x adds custom fields, plugins, improved auto-type, and better platform support (via Mono/.NET).

Both are portable, open source, and use strong encryption. If you are starting today, go with 2.x unless you have a clear reason to use 1.x.

KeePassXC: a native cross-platform alternative

KeePassXC takes the .kdbx format and brings it to Linux/macOS/Windows with browser integration (Chrome/Firefox/Edge), TOTP, and a more modern interface. It works offline by default, although you can sync through your usual cloud by storing the .kdbx there.

Its typical workflow is simple: create the database, define a strong master key, enable browser integration, add entries, and, if you wish, store TOTP in the same place to complete 2FA logins.

Advantages, risks, and alternatives in the ecosystem

KeePass strengths: auditable security, portability, extensibility through plugins, no dependence on a central server, and advanced automation and integration options.

Drawbacks: a utilitarian interface, no native synchronization (although it is easy via the cloud), and the many options mean a steeper learning curve than closed "all-in-one" solutions.

Other popular alternatives: 1Password, Keeper, Enpass, Bitwarden and LastPass. They offer integrated cloud storage and a more polished experience, in exchange for entrusting storage to third parties or accepting paid models.

Troubleshooting and good practices

If the database will not open, check upper/lower case and that you have the correct key file and, if you used the Windows account, make sure your SID/password has not changed. There is no recovery without the correct factors.

Make regular backups of the .kdbx and the key file; close KeePass before shutting down and avoid simultaneous editing. Use the database recycle bin to limit the damage from accidental deletion.

When printing, limit which fields appear in the clear and require the master key to print. Never leave export CSVs lying around; delete them securely after the export.

Real-world scenario: can my cloud database be cracked?

Suppose someone steals your .kdbx from WebDAV or your cloud. If you use Argon2 with ~1 s of derivation and a long passphrase or a master key of 25+ random characters, a GPU/ASIC attack is not feasible today.

The weak point is usually a short or predictable password. A "truly strong" password + a hardened KDF + (optionally) a key file on a separate device moves the attack time from "maybe" to "unreasonable".

Continuing to keep the backup in the cloud is fine if you enforce 2FA, do not share links, and keep your KDF high. If you fear extreme scenarios, you can combine it with an additional encrypted container or use only an encrypted USB drive as the sync channel.

As a guiding idea: a dictionary is of no use if your passphrase/key is unpredictable, and the KDF slows down every attempt. The investment required to crack a well-configured database.

Before you dive in, take a moment to define your backup policy (local and off-site), your KDF configuration, and whether you will use a key file as a second factor. The real security of your vault depends on this mix.

KeePass gives you full control to manage passwords securely, portably, and your own way. With a few sensible tweaks (AES-256/ChaCha20, a well-calibrated Argon2, a long master key and, where applicable, a key file), by importing from Excel/Chrome without leaving traces, automating Auto-Type and looking after your backups, you will have a vault that is durable and convenient on both PC and mobile.
