Is it insecure to upload Keepass database to Google Drive, Dropbox or any other file service in the cloud?

I’ve read this answer in Security Stackexchange: https://security.stackexchange.com/a/45337

So, I feel kinda confident that if I put a big number of PBKDF2 iterations, like 10.000.000, it should be OK.

My master password is based on Diceware, but it is not very, very long because I need to remember it.

What do you people think about this?
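The question above turns on two numbers: how many guesses a Diceware passphrase forces an attacker to make, and how much each guess costs once it has to go through the database's PBKDF2 iteration count. The script below is an added example for this thread, not code from the post or from KeePass. It computes the passphrase entropy, the expected brute-force time under an assumed attacker throughput (the 1e12 iterations/s figure is an illustrative assumption, not a measurement of any real hardware), and times PBKDF2-HMAC-SHA256 locally so you can see what the same iteration count costs you at unlock time.

```python
import hashlib
import math
import os
import time

# The standard Diceware list has 6^5 = 7776 words; each word adds log2(7776), about 12.9 bits.
DICEWARE_LIST_SIZE = 6 ** 5


def diceware_entropy_bits(num_words: int) -> float:
    """Entropy of a passphrase of num_words words drawn uniformly from the list."""
    return num_words * math.log2(DICEWARE_LIST_SIZE)


def expected_guesses(num_words: int) -> float:
    """On average the attacker succeeds after trying half of the keyspace."""
    return DICEWARE_LIST_SIZE ** num_words / 2


def expected_crack_years(num_words: int, iterations: int,
                         attacker_iterations_per_second: float) -> float:
    """Expected brute-force time when every guess costs `iterations` PBKDF2 rounds.

    attacker_iterations_per_second is the attacker's total PBKDF2-HMAC-SHA256
    throughput across all hardware. It is a parameter you assume, not a fact.
    """
    seconds = expected_guesses(num_words) * iterations / attacker_iterations_per_second
    return seconds / (365.25 * 24 * 3600)


def measure_local_pbkdf2_rate(iterations: int = 200_000) -> float:
    """PBKDF2-HMAC-SHA256 iterations per second on this machine (the legitimate user's cost).

    The random salt only has to be non-empty: we are timing the KDF, not deriving a key.
    """
    start = time.perf_counter()
    hashlib.pbkdf2_hmac("sha256", b"benchmark-passphrase", os.urandom(16), iterations)
    return iterations / (time.perf_counter() - start)


def unlock_seconds(iterations: int, local_rate: float) -> float:
    """How long the user waits to open the database at this iteration count."""
    return iterations / local_rate


if __name__ == "__main__":
    local_rate = measure_local_pbkdf2_rate()
    print(f"this machine: {local_rate:,.0f} PBKDF2-HMAC-SHA256 iterations/s")
    attacker_rate = 1e12  # assumed attacker throughput, for illustration only
    for words in (4, 5, 6):
        for iters in (100_000, 10_000_000):
            print(f"{words} words ({diceware_entropy_bits(words):.1f} bits), "
                  f"{iters:,} iterations: unlock {unlock_seconds(iters, local_rate):.2f}s, "
                  f"expected crack {expected_crack_years(words, iters, attacker_rate):.3g} years")
```

Raising the iteration count scales the attacker's cost and your unlock time by the same factor; adding a word to the passphrase multiplies the attacker's cost by 7776 while costing you nothing at unlock. That asymmetry is why the passphrase length matters more than the iteration count in this trade-off.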

    • amanwithausername@vlemmy.net · 4 upvotes · 1 year ago

      Syncthing is great. Servers are overrated anyway, I would rather everything be peer-to-peer wherever possible. Currently working on a script to integrate calcurse with DecSyncCC so I can keep my calendar synced between my laptop and phone without a server!

    • vsis@feddit.cl (OP) · 4 upvotes · 1 year ago

      Wooo, didn’t know about that. I’m going to read about it. If it doesn’t require a home server, it suits my needs.

    • vsis@feddit.cl (OP) · 4 upvotes · 1 year ago (edited)

      Turns out this was exactly what I needed. I had no idea Syncthing was a thing. So, thanks a lot.

  • Alatarius · 5 upvotes · 1 year ago (edited)

    I keep mine in the cloud but I also have a key file attached to it. That is not kept in the cloud so at least I have some security if the cloud service gets hacked and my password is 57 characters long.

    • vsis@feddit.cl (OP) · 2 upvotes · 1 year ago

      I get it. But if I have to carry the key file everywhere to every device, I can just carry the database file.

      • FlagonOfMe · 2 upvotes · 1 year ago (edited)

        There are two advantages of using the cloud for the database while keeping a key file out of it.

        1. It’s a backup that’s not on any of your own devices.
        2. Your devices sync with little effort. Save the file on one device, and the others have the new database automatically (when using common cloud storage providers that sync).

      • Alatarius · 1 upvote · 1 year ago

        Understandable. I don’t go very many places, so this way is most convenient for me. For your situation I’m not really sure what would be the best practice for you, but I will be keeping an eye on this thread in case someone has a better answer.

  • FlagonOfMe · 5 upvotes · 1 year ago

    I use KeePass and keep my database in the cloud. I use a key file that is never stored in the cloud in addition to my master password. You get a cloud backup of your database, and updates will sync to your devices if your cloud provider has a client that does that.

    I actually don’t sync it directly to my phone. I download a copy as needed. I also don’t add passwords on my phone to my main database. I use a separate database for logins I create on my phone and import them once in a while on my PC. This is because Google Drive’s sync on Android has been unreliable for me, though I haven’t tried again in years.

    I use KeePass DX on Android because it has a nice virtual keyboard so you don’t have to use the clipboard, which is insecure. It also has a better UI with fingerprint unlocking.
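Both Alatarius and FlagonOfMe keep a key file off the cloud alongside the master password. The point of that design is that the database key is derived from the password and the key file together, so a copy of the database plus the correct password is still not enough. The example below is added for this thread and is not KeePass code or a KDBX-compatible implementation: it is modelled on the composite-key idea (hash each component, hash the concatenation, then stretch with PBKDF2), with a constructed 32-byte key file and salt standing in for the real ones, and shows that a guess with the right password but a missing or wrong key file never verifies.

```python
import hashlib
import hmac
from typing import Optional

# Constructed sample values, not taken from any real database. KeePass keeps the salt in the
# database header; a key file is normally a file on disk that the user keeps off the cloud.
SAMPLE_KEY_FILE = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)
SAMPLE_SALT = bytes(range(32))


def composite_key(password: str, key_file: Optional[bytes]) -> bytes:
    """Combine the password and optional key file into one 32-byte secret.

    Each component is hashed on its own and the concatenation is hashed again, so the
    password never mixes with raw key-file bytes. Simplified model, not the exact KDBX rule.
    """
    material = hashlib.sha256(password.encode("utf-8")).digest()
    if key_file is not None:
        material += hashlib.sha256(key_file).digest()
    return hashlib.sha256(material).digest()


def derive_database_key(password: str, key_file: Optional[bytes],
                        salt: bytes, iterations: int) -> bytes:
    """Stretch the composite key with PBKDF2-HMAC-SHA256.

    This is the step whose iteration count the original question asks about: every
    candidate (password, key file) pair an attacker tries has to pay for it.
    """
    return hashlib.pbkdf2_hmac("sha256", composite_key(password, key_file),
                               salt, iterations, dklen=32)


def check_unlock(candidate_password: str, candidate_key_file: Optional[bytes],
                 salt: bytes, iterations: int, expected_key: bytes) -> bool:
    """Constant-time comparison of a derived key against the key that protects the database."""
    derived = derive_database_key(candidate_password, candidate_key_file, salt, iterations)
    return hmac.compare_digest(derived, expected_key)


if __name__ == "__main__":
    password = "correct horse battery staple"  # constructed sample passphrase
    real_key = derive_database_key(password, SAMPLE_KEY_FILE, SAMPLE_SALT, 10_000)
    print("right password + right key file:", check_unlock(password, SAMPLE_KEY_FILE, SAMPLE_SALT, 10_000, real_key))
    print("right password, no key file:    ", check_unlock(password, None, SAMPLE_SALT, 10_000, real_key))
    print("right password, wrong key file: ", check_unlock(password, b"\x00" * 32, SAMPLE_SALT, 10_000, real_key))
```

A key file that is 32 random bytes contributes 256 bits the password-guessing loop cannot recover, so the cloud copy is only as weak as the password if the attacker also obtains the key file. Keeping the key file off the synced storage is what makes the two components independent; a key file dropped into the same cloud folder adds nothing.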

  • blackstrat@lemmy.fwgx.uk · 3 upvotes · 1 year ago

    Does it have to be in “the cloud”, or just accessible from multiple places? I have a Nextcloud instance running that’s locked down but allows sharing with my Android phone. For other computers it’s on a network share, and if I’m off-site I can connect over WireGuard to my home network to get access.

    • vsis@feddit.cl (OP) · 2 upvotes · 1 year ago

      It does not have to. But I kinda hate sysadmin stuff, so I’m looking for convenience.