Where would you recommend me to store the Keepass-file?

say_hello
Posts: 36
Joined: 2019-10-13 09:58

Where would you recommend me to store the Keepass-file?

#1 Post by say_hello »

Dear friends, hello dear experts in this community.

Where would you recommend me to store the KeePass file? This question continues to be a very important one to me. Well, for most use cases I usually have all my personal documents in my cloud account.

The pro: I can access it from everywhere in the world, with any device.

But besides that, I am not so sure this is safe, especially when it comes to things like KeePass. Some friends mentioned that it is not so safe.

Question: would it be safe to use the cloud for the KeePass file? Can I secure it even further by adding another (extra) layer of security by encrypting the file?

The generalized question is this: how safe is it to store the KeePass file in a (wrong) place like the cloud? What risks do I need to know about?

As for what I can do with the KeePass password file, there are several arguments for deciding where to store it.
If the passwords are really, really important to someone, one should make the decision based on:

- the risk of the file being hacked - what can we do if we consider getting hacked
- what if someone may compromise the file
- is it preferable that the DB file not get out in the wild
- there may be more and other risks - which ones do you take into consideration?

What should I do? What can be done with the passwd?

Can I secure it even further by adding another extra layer of security, by encrypting the file I am going to store in cloud storage online?


Looking forward to hearing from you

yours say

debbieanne
Posts: 14
Joined: 2018-05-03 14:46
Been thanked: 1 time

Re: Where would you recommend me to store the Keepass-file?

#2 Post by debbieanne »

I use a strong master password on the file. I make the local permissions limited to my account -- no access to group or other accounts. I transfer the file, when needed, via a local server and I don't leave a copy on the local server. A USB drive would work as well, perhaps better, depending on your usage.

I don't keep the app or data on my phone.

I used to use LastPass but I dropped that not for security concerns but for business model concerns. I anticipated loss of free service at some future point.
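
An added example, not part of debbieanne's post: one way to check the permission setup described in post #2 (owner-only access, nothing for group or other accounts). The helper names `audit_kdbx` and `lock_kdbx` are hypothetical, and `stat -c` assumes GNU coreutils as shipped on Debian.

```shell
#!/bin/sh
# Added example; audit_kdbx and lock_kdbx are hypothetical helper names.
# Assumes GNU coreutils stat (stat -c), as on Debian.

# audit_kdbx FILE
# Returns 0 when FILE is owned by the current user, grants no access to
# group/other, and sits in a directory others cannot modify; 1 otherwise.
audit_kdbx() {
    f=$1
    [ -f "$f" ] || { echo "not a regular file: $f" >&2; return 2; }
    rc=0
    owner=$(stat -c '%u' "$f")
    mode=$(stat -c '%a' "$f")        # octal, e.g. 600 or 644
    dmode=$(stat -c '%a' "$(dirname -- "$f")")

    if [ "$owner" != "$(id -u)" ]; then
        echo "$f: owned by uid $owner, not by you" >&2; rc=1
    fi
    # 077 masks the group and other permission bits.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "$f: mode $mode grants group/other access" >&2; rc=1
    fi
    # A directory writable by group/other (022) without the sticky bit
    # (01000) lets another account replace or delete the database.
    if [ $(( 0$dmode & 022 )) -ne 0 ] && [ $(( 0$dmode & 01000 )) -eq 0 ]; then
        echo "directory mode $dmode lets others swap the file" >&2; rc=1
    fi
    return $rc
}

# lock_kdbx FILE: owner read/write only, then re-audit.
lock_kdbx() {
    chmod u=rw,go= "$1" && audit_kdbx "$1"
}
```

Run `audit_kdbx` against the local copy after every sync or restore, since copying tools often recreate the file with the default umask.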

Castle_Age
Posts: 6
Joined: 2020-09-04 16:49

Re: Where would you recommend me to store the Keepass-file?

#3 Post by Castle_Age »

ghjghjfjhfhj
Last edited by Castle_Age on 2023-08-11 15:15, edited 1 time in total.
DELETED ACCOUNT

sickpig
Posts: 589
Joined: 2019-01-23 10:34

Re: Where would you recommend me to store the Keepass-file?

#4 Post by sickpig »

say_hello wrote:can I secure it even further, by adding another extra layer of security by encrypting the file i am going to store in cloud storage online.
makes sense to encrypt it if you must store it online.

gpg -c --passphrase-file unlock --pinentry-mode loopback yourfile
unlock will be the file which should have the passphrase to encrypt yourfile.
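
An added example, not part of sickpig's post: the same `gpg -c` wrapping with a round-trip check, so that a wrong passphrase file or a damaged output is caught before the `.gpg` copy is uploaded. `wrap_for_cloud` and the file names are hypothetical; `--batch`, `--yes`, `--quiet`, `--cipher-algo`, `--output` and `--decrypt` are standard gpg options added here.

```shell
#!/bin/sh
# Added example; wrap_for_cloud is a hypothetical helper name.
# Assumes GnuPG 2.1+ and GNU coreutils stat.

# wrap_for_cloud DB PASSFILE
# Writes DB.gpg and returns 0 only if decrypting DB.gpg with the same
# passphrase file reproduces DB byte for byte.
wrap_for_cloud() {
    db=$1
    passfile=$2
    out="$db.gpg"
    [ -f "$db" ] || { echo "no such database: $db" >&2; return 2; }

    # The passphrase file unlocks the outer layer, so it must be
    # owner-only. gpg reads just its first line as the passphrase.
    pmode=$(stat -c '%a' "$passfile") || return 2
    if [ $(( 0$pmode & 077 )) -ne 0 ]; then
        echo "$passfile: mode $pmode is readable by others" >&2
        return 3
    fi

    gpg --batch --yes --quiet --pinentry-mode loopback \
        --passphrase-file "$passfile" --cipher-algo AES256 \
        --output "$out" --symmetric "$db" || return 4

    # Round trip: decrypt to stdout and compare with the original.
    # If gpg fails, its output is empty or short and cmp reports a mismatch.
    if gpg --batch --quiet --pinentry-mode loopback \
           --passphrase-file "$passfile" --decrypt "$out" 2>/dev/null |
       cmp -s - "$db"; then
        return 0
    fi
    rm -f "$out"    # never leave an unverified ciphertext behind
    return 5
}
```

Keep the passphrase file off the cloud account that holds the `.gpg` copy; stored side by side, the outer layer adds nothing.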

sgosnell
Posts: 975
Joined: 2011-03-14 01:49

Re: Where would you recommend me to store the Keepass-file?

#5 Post by sgosnell »

KeePass encrypts the data file on your machine. I've had mine stored on Dropbox for years, without issues. Use a strong password, and you don't need to worry about others having access to it. If they want to use a few years of supercomputing power to crack it, it's possible, but that's unlikely. KeePass and its derivatives - KeePassX (mostly unsupported now) and KeePassXC (the best choice IMO) - do all encrypting and decrypting locally. The database is never exposed off the local machine in plaintext. It's the same security as GnuPG, but more convenient and user-friendly.
Take my advice, I'm not using it.

LE_746F6D617A7A69
Posts: 932
Joined: 2020-05-03 14:16
Has thanked: 7 times
Been thanked: 65 times

Re: Where would you recommend me to store the Keepass-file?

#6 Post by LE_746F6D617A7A69 »

Castle_Age wrote:I ended up figuring, really safest place for all this stuff, is your head
Agreed; as for now, this is the safest way for storing the passwords. However, there is one problem with this approach: safe passwords should be complex and unique - to protect You against dictionary attacks and profiling. It can be hard to remember tens of unique passwords used for various purposes, but there's an easy way to achieve this:
Instead of remembering exact passwords, try to create and remember a *method* for generating your passwords, f.e.:
Your name is Django, Your dog's name is Bastard ( ;) ), Your bank is a Bank of Canaries, so the resulting password could be:
BBaasntkaorfdCDajnnaarnigeos
To enter such a password, You start with "BastardDjango" and then inject the letters from the string "BankofCanaries", skipping every second letter of the "base" password string using the cursor keys.

The trick is, that You don't have to store the passwords (f.e. in the cloud) - all You need is to create some clever rule to generate the passwords from strings which are easy to remember for You, within particular context.

Such passwords are 100% invulnerable to dictionary attacks, and when the components are wisely chosen, such passwords are also invulnerable to profiling (i.e. don't use the true name of Your dog ;) )
Bill Gates: "(...) In my case, I went to the garbage cans at the Computer Science Center and I fished out listings of their operating system."
The_full_story and Nothing_have_changed

sgosnell
Posts: 975
Joined: 2011-03-14 01:49

Re: Where would you recommend me to store the Keepass-file?

#7 Post by sgosnell »

Reusing passwords is a security risk. There is no possibility of my remembering hundreds of passwords for websites, credit card info, notes, and whatnot. I've been using a password safe for a very long time, since the days of the Palm Pilot. A carefully chosen password safe is, IMO, essential these days.
Take my advice, I'm not using it.

sickpig
Posts: 589
Joined: 2019-01-23 10:34

Re: Where would you recommend me to store the Keepass-file?

#8 Post by sickpig »

most secure

Image

sgosnell
Posts: 975
Joined: 2011-03-14 01:49

Re: Where would you recommend me to store the Keepass-file?

#9 Post by sgosnell »

That password is too easy to guess. Much better to reverse it. Nobody would ever guess 654321. For passwords I need to remember, I tend to use words or phrases transliterated from another language, which uses a non-Roman alphabet. The transliteration can be creative if desired. Easy for me to remember, but difficult for a snooper to crack through a dictionary attack. It does require knowing at least a little of another language, though.
Take my advice, I'm not using it.

sickpig
Posts: 589
Joined: 2019-01-23 10:34

Re: Where would you recommend me to store the Keepass-file?

#10 Post by sickpig »

sgosnell wrote:Nobody would ever guess 654321.
so true :) this should be the new FIPS security standard.

bester69
Posts: 2072
Joined: 2015-04-02 13:15
Has thanked: 24 times
Been thanked: 14 times

Re: Where would you recommend me to store the Keepass-file?

#11 Post by bester69 »

sgosnell wrote:Reusing passwords is a security risk. There is no possibility of my remembering hundreds of passwords for websites, credit card info, notes, and whatnot. I've been using a password safe for a very long time, since the days of the Palm Pilot. A carefully chosen password safe is, IMO, essential these days.
I use the same passwords for everything.. I learnt around 8 or 10 different passwords and always use the same ones... for unimportant accounts I use one of mine such as 12345 but with some letters.. for other, more important accounts, I use one or two more complex ones with some weird characters interspersed, like dots.. and for bank accounts or sensitive main cloud accounts I use two or three long passwords I memorized... and for other ones I don't need to memorize I use the Bitwarden password manager... even within Bitwarden I try not to give much information about the account, the nickname and the password.

I had your same dilemma with the KeePass files... in order to store them in the cloud.., and the answer is, in my opinion, to use common sense and steganography security... you can divide/cut your keepass-file in three files just like this:

cat image1.png MyDecodeKeepassPassword.txt image2.png > Keepassfile

this way you just store two different image files in the cloud (image1.png and image2.png) and keep in your mind a basic password... (MyDecodeKeepassPassword.txt), this is perfectly secure and very easy to do.. cos they won't ever know your basic password (as MyDecodeKeepassPassword.txt), and they won't ever know which algorithm you use to compose your keepass file... So, as you see, it was easier than you thought :wink:

It's important to have redundant backup clouds of your security keepass-file, cos if you delete them accidentally in the cloud or you lose the cloud account
bester69 wrote:STOP 2030 globalists demons, keep the fight for humanity freedom against NWO...
