Is it possible to create multiple groups in the same database (i.e., the same file) such that when the master password is entered, only some of the groups are shown (with their password), and to get access to a more important group a file key (or maybe additional password) is needed in addition?
This way I can put sensitive information in a certain group in my single database and protect it by an additional layer (key file). Other less important groups are read as usual upon opening the database (e.g., by entering your master password).
No, the Master Key is used to encrypt and decrypt the database as a whole.
OK, thanks! Too bad!
This way, the less important passwords (e.g. KeePass forum!) have the same protection as your banking password!
I do not mind putting my database in Dropbox if I have only those "less important" passwords in my database. But if I have more important data there too, I need a key file for that portion of the database.
Any workaround is appreciated!
I use TeamDrive rather than Dropbox. With TeamDrive the data is encrypted a second time with a different key. It works just the same way as Dropbox.
I use triggers to synchronise the local database to the TeamDrive copy on my computers rather than just having the TeamDrive copy as this protects the file better against simultaneous updates from two computers.
I would be cautious of putting important passwords on a server like Dropbox. Your database gets copied by a Dropbox employee or a hacker if the server is broken into (we all know what happened to LinkedIn a few months ago).
Now, a few years from now, the KeePass software has been updated, but your old stolen file is encrypted using old versions of KeePass. So if a weakness is found in the KeePass implementation of AES256 (or less likely the algorithm itself is broken or updated), you cannot do anything to protect your data.
Encrypting twice is a false sense of protection; adding one more letter to the first password, or better allowing capitalization, is a better protection.
I must disagree with you about double encryption.
Encryption with KeePass, using a strong key and the KeePass implementation of AES, and then encrypting the whole KeePass database file a second time with a second independent strong encryption key (which is what TeamDrive does with its implementation of AES) would, in my opinion, give greater security. TeamDrive encrypts the data on the PC before uploading to the cloud server; Dropbox does not, it only encrypts data in transit to their server.
I believe KeePass applies a hash function to the password/keyfile repeatedly to derive the actual encryption key. If AES were to be attacked directly then two separate keys (KeePass and TeamDrive) would have to be cracked. Making the KeePass key longer does not give this additional protection. If the AES algorithm is eventually broken then increasing the key length, or having a key file, would give no additional protection.
This is OK for PCs. It would not work where implementations of TeamDrive are not available on a target platform.
I routinely use two password databases that I open together on my PC automatically. One for all my passwords, and another that has a few passwords for my phone that I keep on Dropbox.
I use KeePass 2.21, the KeeAutoExec plugin, and have two (or three) triggers
You will also need to use a method other than the "Remember and automatically open last used database on startup" setting to open the autoopen database at startup. This could be a trigger or a command line switch.
KeePass 2.21 is required for Trigger 2. to work correctly.
I need to learn about triggers; I think they probably do not work with KeePassX. Thanks.