2

Below I am using v2.32 of KeePass and v2.0.2 for KeePassX, and I am using Linux.

I was messing around with the number of transform rounds and noticed that choosing a one-second delay in KeePassX (this is called benchmark in KeePassX) gives 21760000 rounds, while KeePass gives 522174. KeePassX opens both files very quickly, taking about a second on the 21760000 rounds one, while KeePass opens the 21760000 round file in around 43 seconds. To rub salt in the wound, Keepass2Android opens the 21760000 file in around 4 seconds, and the other pretty close to instantly.

What is causing such a large difference in performance between the key transformation rounds for KeePass and KeePassX?

It appears KeePass is doing something wrong, at least on the Linux version. Also note 21760000/43 is approximately 522174. I am somewhat worried that KeePass could be giving a false sense of security, since it appears an attacker could potentially be far more efficient at brute forcing than KeePass lets on.

(I know KeePass and KeePassX are not exactly related to each other)

Update: I tested on my laptop at work (which is older, and the hardware isn't nearly as good), with more up-to-date software, and KeePass v2.34 took about 25 seconds and KeePassX (v2.0.3) took about 7 seconds. When I get a chance I will update software on my home desktop, but it seems the question is still valid since those are the most up-to-date software and that is still a pretty big difference.

2
  • 2
    I suspect an issue with the mono implementation of the crypto stuff that KeePass uses, or in running code optimized for .NET in mono instead, rather than an issue with KeePass itself. I further expect you'd see much closer results between KeePassX on Linux vs. KeePass on Windows. But I don't know enough about this to make a full answer. :-)
    – Ben
    Commented Nov 29, 2016 at 21:38
  • @Ben That seems quite believable. I will see if a friend would install both on their Windows computer (I have a feeling KeePassX will be more uniform across platforms).
    – Paul Plummer
    Commented Nov 29, 2016 at 22:02

1 Answer

0

I don't know what the actual problem with the varying speeds is, but different implementations running on different CPUs result in different speeds.

If you are worried about security, it's better to use a strong password and/or keep your database safely stored rather than using a weak password relying on a long time to try (verify) a password.

5
  • If you don't have an answer, why are you posting as an answer rather than a comment (to a 6 year old question)? For the record, comparisons were between software on the same hardware except for the Android phone test, which was significantly faster than KeePass on my desktop but 4 times slower than KeePassX on my desktop (KeePassX to Android makes sense as the desktop was significantly "better" hardware than a cellphone; the question is why is KeePass significantly slower). Commented May 13, 2023 at 17:06
  • Wasn't the question "What is causing such a large difference in performance between the key transformation rounds for KeePass and KeePassX?"? If so, this answers the question.
    – U. Windl
    Commented May 15, 2023 at 7:14
  • It doesn't really address the question; two projects can perform similarly or very differently. You are basically saying "they are two different programs so they are different", which is technically true but doesn't address what is actually contributing to the differences in performance for very related projects (and these are open source projects so presumably "anyone" could figure it out). Commented May 15, 2023 at 7:22
  • If you want details, you should also add the CPUs being used, the operating systems being used, and the exact versions of the programs and libraries being used. You can't expect an answer that guesses details from the question, specifically if there are thousands of variants. With the question given, I doubt you'll get a better answer.
    – U. Windl
    Commented May 15, 2023 at 7:27
  • Oh, did you test on your computer (based off info that was in my question) and not get similar results? Commented May 15, 2023 at 7:31
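
The "transform rounds" benchmarked in the question are the iteration count of the database's key transformation. The Go program below is an added example, not code from KeePass, KeePassX or any post in this thread; it assumes the KDBX AES-KDF (both halves of the 32-byte composite key encrypted repeatedly with AES-256 under the transform seed, then SHA-256), and the function names are made up for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/sha256"
	"fmt"
	"time"
)

// TransformKey applies the assumed AES-KDF: each 16-byte half of the
// composite key is AES-256 encrypted `rounds` times under the transform
// seed (ECB, no chaining), then the result is hashed with SHA-256.
func TransformKey(compositeKey, seed [32]byte, rounds uint64) [32]byte {
	block, err := aes.NewCipher(seed[:])
	if err != nil {
		panic(err) // unreachable: a 32-byte seed is a valid AES-256 key
	}
	k := compositeKey
	for i := uint64(0); i < rounds; i++ {
		block.Encrypt(k[:16], k[:16])
		block.Encrypt(k[16:], k[16:])
	}
	return sha256.Sum256(k[:])
}

// RoundsPerSecond times `sample` rounds on this machine and implementation,
// which is what a "one second delay" benchmark button calibrates against.
func RoundsPerSecond(sample uint64) float64 {
	var key, seed [32]byte // constructed all-zero inputs; timing is data-independent
	start := time.Now()
	TransformKey(key, seed, sample)
	return float64(sample) / time.Since(start).Seconds()
}

// UnlockSeconds is the delay a stored round count costs on an implementation
// with the given throughput (rounds per second).
func UnlockSeconds(rounds uint64, roundsPerSec float64) float64 {
	return float64(rounds) / roundsPerSec
}

func main() {
	rps := RoundsPerSecond(2_000_000)
	fmt.Printf("this implementation: %.0f rounds/s\n", rps)
	// Round counts taken from the question.
	for _, r := range []uint64{522174, 21760000} {
		fmt.Printf("%8d rounds -> %.2f s here\n", r, UnlockSeconds(r, rps))
	}
}
```

The round count is stored in the database file, so the delay per password attempt is that count divided by the throughput of whichever implementation performs the transform, not the throughput of the program that ran the benchmark.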
