dbKoda 0.10.0 comes with a new feature that lets you store the password for each connection and log in with a single master password at the start of each session instead.
How are passwords stored in dbKoda?
Your passwords are stored encrypted in a YAML store file, together with the ID of the related profile.
How do we secure the passwords in the store file?
When you enter your master password, it is hashed, and only the hash is kept in memory. For comparison, the master password is hashed to produce a verify hash, which is stored. The stored verify hash is compared with the hash of the password the user enters to determine whether the entered credentials are valid.
When storing passwords, they are encrypted and decrypted with bcrypt to ensure they cannot easily be extracted from the store.
How does dbKoda prevent brute force attacks on the password store?
If a user makes 5 incorrect login attempts, the password store is wiped to prevent unauthorized access.
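The verify-hash check and the five-attempt wipe described above, sketched as an added example (not dbKoda's own code). The page does not name the hash functions, so scrypt and HMAC-SHA-256 from Node's crypto module stand in for them; the store object layout and the function names are hypothetical.

```javascript
// Added illustration, not dbKoda's code. scrypt and HMAC-SHA-256 are stand-ins
// for the hash functions, which the page does not name.
const crypto = require('crypto');

const MAX_ATTEMPTS = 5; // from the page: the store is wiped after 5 incorrect attempts

// Hash of the master password; the only form of it kept in memory.
function masterHash(password, salt) {
  return crypto.scryptSync(password, salt, 32);
}

// Verify hash: a second hash over the master hash (assumed construction).
// Storing this instead of the master hash keeps the in-memory value off disk.
function verifyHash(mHash, salt) {
  return crypto.createHmac('sha256', salt).update('verify').update(mHash).digest();
}

// Hypothetical store layout; the page's store is a YAML file keyed by profile id.
function createStore(password) {
  const salt = crypto.randomBytes(16);
  return { salt, verify: verifyHash(masterHash(password, salt), salt), failed: 0, profiles: {} };
}

function unlock(store, password) {
  if (!store.verify) return { ok: false, wiped: true }; // already wiped
  const mHash = masterHash(password, store.salt);
  const candidate = verifyHash(mHash, store.salt);
  if (crypto.timingSafeEqual(candidate, store.verify)) {
    store.failed = 0;
    return { ok: true, wiped: false, key: mHash };
  }
  store.failed += 1;
  if (store.failed >= MAX_ATTEMPTS) {
    store.profiles = {};   // drop every saved connection password
    store.verify = null;   // no master password can unlock the store any more
    return { ok: false, wiped: true };
  }
  return { ok: false, wiped: false };
}
```

The failure counter lives in the store object, so it has to be written back to disk on every failed attempt for the limit to survive an application restart.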