Database Settings Describes the various database options.

On the database settings dialog, you can configure various database-related settings.

• General
• Security Options
• Protection Options
• Compression Options

  General

On this tab page you can specify general things like the name of the database and a description. Additionally, you can set various defaults like a default user name for new entries (created in this database).

  Security Options

On this page you can specify various encryption-related settings. Only change this settings when you really know what you are doing.

Encryption Algorithm:
You can set the encryption algorithm, which is used to encrypt the database. All encryption algorithms offered by KeePass are well-known standard algorithms, regarded as very secure by the cryptography community. These standards are used by banks for example. All of the algorithms are unbroken; there is no "best" algorithm. If you don't know which algorithm to choose, use the Advanced Encryption Standard (AES, Rijndael) algorithm.

Key Transformation:
In order to strengthen your database against dictionary attacks and password guessing attacks, KeePass supports key transformations. A key transformation is a simple operation, which is relatively easy to compute but which one must perform to get the final key: there is no shortcut to come from the original key to the transformed one without computing these transformations. The whole point behind this is that it takes an attacker time to compute these transformations, too. KeePass lets you freely specify the number of key transformations. Assume you set it to a number so that it takes about 0.5 second on your computer to perform. If an attacker now tries to find the correct key for the file (by guessing), it'll take him 0.5 seconds to test only one password! A testing rate of 2 passwords per second is very inefficient, making dictionary attacks and password guessing attacks almost useless.

KeePass got a link button on this page to compute the number of key transformations your computer can do in 1 second. If you for example only want to wait 0.5 seconds, half the number resulted from the benchmark.

  Protection Options

On this page you can configure run-time memory protection settings for this database. Fields can be stored encrypted in process memory. This ensures that no other application can read your data by dumping the memory of KeePass.

It is recommended to turn on memory protection for password fields and leave it disabled for all others. Process memory protection slows down all operations a bit, you should therefore carefully decide which fields are really worth to be protected this way.

Memory protection is useless if you display the fields in the main window (because if they are displayed in this window, they are automatically stored as plain-text in memory as Windows needs to be able to read it), therefore KeePass offers you to turn on visual hiding in the main window for the selected protected fields. It is highly recommended to check this option before closing the dialog.

  Compression Options

KeePass databases can be compressed before being encrypted. Compression reduces the size of the database, but also slows down the database saving/loading process a bit.

It is recommended to use the GZip compression option. This algorithm is very fast (you won't notice any difference to saving the database without compression) and its compression rate is acceptable.

It is not recommended to save databases without compression.

On modern PCs, saving files with compression can actually be faster than saving without compression, because the compression process is performed by the CPU (which is very fast) and fewer data has to be transferred from/to the storage device. Especially when the device is slow (like saving to USB stick), compression can reduce the saving/loading time significantly.