* KeePass supports the Advanced Encryption Standard (AES) and the Twofish algorithms to encrypt its password databases.
* Both ciphers are regarded as very secure by the cryptography community. Banks are using these algorithms, too.
* Even if you used all the computers in the world to attack one database, decrypting it would take longer than the age of the universe.
* Even quantum computers won't help that much: the algorithms are symmetric, so the complexity of the attack would only be reduced to its square root. Anyway, the sun will go nova before you have decrypted the database.
* The complete database is encrypted, not only the password fields. So your usernames, notes, etc. are hidden, too.
* SHA-256 is used as the password hash. SHA-256 is a 256-bit cryptographically secure one-way hash function. Your master password is hashed using this algorithm and its output is used as the key for the encryption algorithms (AES and Twofish).
* SHA-256 is based on the design of SHA-1 (160-bit), its predecessor. No attacks are known against SHA-1 and the SHA-2 family (256-, 384- and 512-bit), in contrast to many other algorithms like MD5 or MD4.
* The passwords are even encrypted while KeePass is running, so if Windows caches the KeePass process to disk, this wouldn't reveal the passwords anyway.
* Also see the security information page.