Is it insecure to upload Keepass database to Google Drive, Dropbox or any other file service in the cloud?
I’ve read this answer in Security Stackexchange: https://security.stackexchange.com/a/45337
So, I feel kinda confident if a put a big number of PBKDF2 iterations, like 10.000.000, it should be OK.
My master password is based on diceware, but is not very very long because I need to remember it.
What do you people think about this?
Syncthing solves this problem for me without my keyring being exposed to any outside servers.
Turns out this was exactly what I needed. I have no idea Syncthing was a thing. So, thanks a lot.
Syncthing is great. Servers are overrated anyway, I would rather everything be peer-to-peer wherever possible. Currently working on a script to integrate calcurse with DecSyncCC so I can keep my calendar synced between my laptop and phone without a server!
wooo didn’t know about that. I’m going to read about it. If it doesn’t require a home server, it suits my needs
This is my solution as well.
I use KeePass and keep my database in the cloud. I use a key file that is never stored in the cloud in addition to my master password. You get a cloud backup of your database, and updates will sync to your devices if your cloud provider has a client that does that.
I actually don’t sync it directly to my phone. I download a copy as needed. I also don’t add passwords on my phone to my main database. I use a separate database for logins I create on my phone and import them once in a while on my PC. This is because Google Drive’s sync on Android has been unreliable for me, though I haven’t tried again in years.
I use KeePass DX on Android because it has a nice virtual keyboard so you don’t have to use the clipboard, which is insecure. It also has a better UI with fingerprint unlocking.
I keep mine in the cloud but I also have a key file attached to it. That is not kept in the cloud so at least I have some security if the cloud service gets hacked and my password is 57 characters long.
I get it. But if I have to carry the key file everywhere to every device, I can just carry the database file.
There are two advantages of using the cloud for the database while keeping a key file out of it.
- It’s a backup that’s not on any of your own devices.
- Your devices sync with little effort. Save the file on one device, and the others have the new database automatically (when using common cloud storage providers that sync)
Understandable. I don’t go very many places so this way is most convenient for me. For your situation I’m not real sure what would be the best practice for you, but I will be keeping an eye on this thread if someone has a better answer
I thought the better KDF was Argon2d because it’s stronger against GPU attacks.
Does it have to be in “the cloud” or just accessible multiple places? I have a nextcloud instance running that’s locked down but allows sharing with my android phone. For other computers it’s on a network share and if off site I can connect over Wireguard to my home network to get access.
It does not have to. But I kinda hate sysadmin stuff, so I’m looking for convenience.