
I'm currently using KeePass 2 and syncing them via Dropbox. I have a few KeePass files (one for websites, one to store software licenses, etc.).

Every time I need a new KeePass file, I just create a copy of the kdbx file, open it, remove all existing entries, and change the key transformation rounds to another pseudo-random value.

I do not change the master password and I understand the risk of doing that. I imagine that the salt used for the encryption of the kdbx file is the same for every one of my kdbx files, since it's probably generated upon creation of the kdbx file.

By using the same master password and salt in every kdbx and just changing the transformation rounds, I believe that it guarantees me at least the same security as having everything in a single kdbx file.

Am I wrong in believing that? Is my practice actually a security risk by lessening the amount of effort needed to crack a kdbx file?

  • Probably you should have asked in security.stackexchange.com instead.
    – U. Windl
    Commented May 11, 2023 at 12:28
  • @U.Windl Probably didn't exist 10+ years ago.
    – BlakBat
    Commented May 31, 2023 at 8:09

2 Answers


It's the same.

What is not "safe" is the fact that you have a single master password for all your databases, but you probably get that idea yourself.

How you configure and organize your KeePass db is your call and it should not affect the basic security settings.

  • I was thinking more along the lines of having (probably) the same salt used, I'll edit the question.
    – BlakBat
    Commented Sep 4, 2012 at 13:50

To my understanding, changing the rounds for the KDF (Key Derivation Function) causes a new encryption key to be used. And probably the salt changes, too. However, you still have the same master password.

"If you lose one, you lose all" (meaning: if someone guesses or gets your password, all your files are in danger equally).

The only thing you achieved is that no-one can say whether you are using the same master password for all your files, unless that person is able to decrypt one of them.
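A worked illustration of what both answers are pointing at, added here as an example and not part of either answer or of KeePass's own code: the KDBX 3.1 AES-KDF key derivation that KeePass 2.x uses, written in Go. The three header values it depends on (master seed, transform seed, transformation rounds) are stored unencrypted in the file header, and KeePass draws fresh random seeds every time it saves a file, so even a copied database gets its own seeds on its first save. The code shows that either a changed round count or fresh seeds yields a different AES key for the database body, and also why that does not help against a leaked master password: every input except the password is readable from the file, so anyone who knows the password re-derives each file's key at the cost of one transformation per file. The password string and round counts are constructed sample values; the key-file contribution to the composite key is omitted.

```go
package main

import (
	"crypto/aes"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// KdbxHeader holds the three unencrypted header fields of a KDBX 3.1
// (KeePass 2.x, AES-KDF) file that take part in key derivation.
type KdbxHeader struct {
	MasterSeed      [32]byte // header field 4, random per saved file
	TransformSeed   [32]byte // header field 5, random per saved file, AES key for the rounds
	TransformRounds uint64   // header field 6, the user-visible "key transformation rounds"
}

// NewRandomHeader does what KeePass does on every save: it draws fresh
// random seeds for this particular file. The rounds value is the only
// one of the three that the user chooses.
func NewRandomHeader(rounds uint64) (KdbxHeader, error) {
	var h KdbxHeader
	if _, err := rand.Read(h.MasterSeed[:]); err != nil {
		return h, err
	}
	if _, err := rand.Read(h.TransformSeed[:]); err != nil {
		return h, err
	}
	h.TransformRounds = rounds
	return h, nil
}

// CompositeKey is the password-only composite key: SHA-256 over the
// SHA-256 of the UTF-8 password. (A key file would contribute a second
// hash inside the outer SHA-256; omitted in this example.)
func CompositeKey(password []byte) [32]byte {
	inner := sha256.Sum256(password)
	return sha256.Sum256(inner[:])
}

// TransformKey runs the AES-KDF: AES-256-ECB of the 32-byte composite key
// under TransformSeed, repeated TransformRounds times, then SHA-256.
// The cost is the same for the legitimate user and for a password guesser.
func TransformKey(h KdbxHeader, composite [32]byte) ([32]byte, error) {
	block, err := aes.NewCipher(h.TransformSeed[:])
	if err != nil {
		return [32]byte{}, err
	}
	buf := composite // copy; transformed in place below
	for i := uint64(0); i < h.TransformRounds; i++ {
		block.Encrypt(buf[:16], buf[:16]) // ECB: each 16-byte half independently
		block.Encrypt(buf[16:], buf[16:])
	}
	return sha256.Sum256(buf[:]), nil
}

// MasterKey is the AES-256 key that decrypts the database body:
// SHA-256(MasterSeed || transformed key).
func MasterKey(h KdbxHeader, password []byte) ([32]byte, error) {
	t, err := TransformKey(h, CompositeKey(password))
	if err != nil {
		return [32]byte{}, err
	}
	var in []byte
	in = append(in, h.MasterSeed[:]...)
	in = append(in, t[:]...)
	return sha256.Sum256(in), nil
}

func main() {
	password := []byte("correct horse battery staple") // constructed sample password
	a, _ := NewRandomHeader(6000)                       // first database
	b := a                                              // the copied-file scenario: same seeds...
	b.TransformRounds = 9001                            // ...only the rounds changed
	c, _ := NewRandomHeader(6000)                       // what a fresh save gives: new seeds

	ka, _ := MasterKey(a, password)
	kb, _ := MasterKey(b, password)
	kc, _ := MasterKey(c, password)
	fmt.Println("same seeds, 6000 rounds: ", hex.EncodeToString(ka[:]))
	fmt.Println("same seeds, 9001 rounds: ", hex.EncodeToString(kb[:]))
	fmt.Println("fresh seeds, 6000 rounds:", hex.EncodeToString(kc[:]))
	fmt.Println("a==b:", ka == kb, " a==c:", ka == kc)
}
```

Run it with `go run`; the printed keys differ from run to run because the seeds are random. Note that nothing in the derivation is secret except the password: the seeds and the round count only make every file's key distinct and force an attacker to redo the work per file, they do not add any entropy to guess.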
