Recommended Encryption Settings

Encryption Settings

We recommend a KeePass (KDBX4.x) format database. This allows a configurable Key Derivation Function.

For your KDF, we recommend Argon2d or Argon2id, both are nice GPU resistant KDFs. You should set the memory to around 32MB. Higher memory settings (especially anything above 64MB) will cause issues using your database in AutoFill mode (due to system limitations).

Once set, you can then adjust the iterations and/or paralellism so that it takes about 1 second to unlock your database.

Once your key is derived it is used to encrypt or decrypt your database. We recommend then either AES or ChaCha20 as the algorithm for this.

NB: The most important thing you can do is to have a very strong database password known only to you, and backed up securely offline.

May 16, 2023