Is it insecure to upload Keepass database to Google Drive, Dropbox or any other file service in the cloud?

I’ve read this answer in Security Stackexchange: https://security.stackexchange.com/a/45337

So, I feel kinda confident if a put a big number of PBKDF2 iterations, like 10.000.000, it should be OK.

My master password is based on diceware, but is not very very long because I need to remember it.

What do you people think about this?

  • vsis@feddit.clOP
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    I get it. But if I have to carry the key file everywhere to every device, I can just carry the database file.

    • FlagonOfMe
      link
      fedilink
      English
      arrow-up
      2
      ·
      edit-2
      1 year ago

      There are two advantages of using the cloud for the database while keeping a key file out of it.

      1. It’s a backup that’s not on any of your own devices.
      2. Your devices sync with little effort. Save the file on one device, and the others have the new database automatically (when using common cloud storage providers that sync)
    • Alatarius
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Understandable. I don’t go very many places so this way is most convenient for me. For your situation I’m not real sure what would be the best practice for you, but I will be keeping an eye on this thread if someone has a better answer