Allow "Clear Master Keys on Timeout" to have its own timeout #499
Description
I would like if Clear Master Keys on Timeout has its own timeout, separate from Database Timeout.
This could improve security because I believe the current options cause most users to select between three less-than-desirable options.
-
Set timeout but don't clear the master keys. In this scenario, a very short timeout (such as 30sec) presents no inconvenience. However, the Master Keys are cached.
-
Set a short timeout and clear the master keys. This scenario would be very annoying.
-
Set a long timeout and clear the master keys. A longer timeout improves convenience over (2) but leaves the database is unlocked in memory for long periods of time.
This leaves many users selecting between options (1) and (3), which are not ideal. I only see people going for (2) if they have a very particular threat model. This suggestion may offer users a better middle-of-the-road option.
It is my understanding that locking the database will dump the database from memory, which I find desirable.
In my situation, I would prefer to configure the following:
a) A very short database timeout while retaining the master key cache
b) A longer period of time before clearing the master key cache (say 8 hours)
A lot of this comes down to biometrics. For use throughout the day it’s very convienent. After some period of time, I would like Keepassium to ask “is it really you”. This stems from the fact that biometrics do not receive the same legal protectoins in the USA as do passwords.