-
Notifications
You must be signed in to change notification settings - Fork 49
en | Technical | KeePassRPC | Security levels
There is updated documentation available on the Kee community forum.
When KeeFox connects to KeePass with the KeePassRPC plugin, it encrypts the communication between Firefox and KeePass to help protect your passwords from some types of malware
For this encryption to work, there needs to be a secret key/password that is shared between the two communicating partners - in our case that is the KeeFox Firefox add-on and the KeePassRPC KeePass plugin.
Both ends of the connection need to store the secret key in a safe place; the security level you choose will affect where and how these keys are stored.
No matter which security level you use, the actual messages travelling between Firefox and KeePass are encrypted with the highest available security.
Most people will be happiest with the medium security level - it provides a good balance of security and convenience. This is a similar level of security that version 1.2 of KeePassRPC offered.
If you want higher security you can either:
-
Enable high security mode which will ask you to type a new short password every time you connect Firefox to KeePass. A new secret key is created from each password you type.
-
Adjust the "Authorisation expiry time" to decrease the length of time that each secret key is used for. The default expiry time is one year (except in version 1.3.0 where a mistake has set this expiry time to 2 weeks).
You should only choose the low security mode if you are performing a short-term test to diagnose problems that prevent you from using a higher security level.
Technical detail about exactly what is different between each security level can be found here
The information in this Wiki is out of date.
It is only of interest if you are using the old add-on called KeeFox in a very old (insecure) version of Firefox or other browsers based on the old Firefox XUL technology.
Read the manual for Kee and KeeBird instead.