Discussion: Keyfile-only safes
I personally think that a Safe locked only with a Keyfile (in contrast to composite keyfile, which is password plus keyfile) offers almost zero protection. Not to mention that we can't offer to store such a file (that would make it effectively zero protection), making the unlocking process very awkward.
Things to consider:
- We have to support every kdbx file out there
- The user should not be expected to have a deep grasp of how security works. If we allow creating Safes using broken algorithms, we will have users doing so
The options I see:
- Do not allow the user to create such safes, but allow to open them
- Discourage the user from doing so via a properly placed warning label
- Encourage the user to create a safe using Password or the Composite method
- The good do-nothing option
Edited by David Heidelberg