Cryptography
According to the utility's author, KeePass was one of the first password management utilities to use security-enhanced password edit controls, in this case one called CSecureEditEx. The author makes several claims regarding the security of the control and its resistance to password revealing utilities; however, the author does not cite or make any references to any third-party testing of the control to corroborate the claims of its security. The software can be tested, since the source code is freely available.
Access to the database is restricted by either a master password or a key file. Both methods may be combined to create a "composite master key". If both methods are used, then both must be present to access the password database. KeePass version 2.x introduces a third option—dependency upon the current Windows user. KeePass encrypts the database with the AES or Twofish symmetric ciphers. AES is the default option, and Twofish is available in 1.x, but is not available in version 2.x. However a separate plugin provides Twofish as an encryption algorithm.
Passwords are protected in memory while KeePass is running. On Windows Vista and Windows 7, passwords are encrypted in process memory using Windows Data Protection API, which allows storing the key for memory protection in a secure, non-swappable memory area. On previous Windows systems, KeePass falls back to using the ARC4 cipher with a temporary, random session key.
Read more about this topic: About Kee Pass