Where to store the database, where to store the keyfile?

  • Kesafi

    Kesafi - 2014-04-23

    Hi there

    I'd just like to check if there's anything I may have overlooked in the issue of where to store the KeePass database and a keyfile for it. I just realised that I'd always visualised using a 'fixed' location for a KeePass database on one or more synchronised PCs, and a 'movable' location for a keyfile (USB stick that I plug in to each PC as I use it).

    Is there any practical difference between having the same keyfile permanently stored on every PC I use and carrying my database around on the USB stick? The only advantage I can see is that I would have only one database file and it can never be out of sync. Disadvantages? I can't see any, but I'd be interested to hear views. To permit usage on any PC, including one I'd never visited before, I could even store a copy of the keyfile in Dropbox or wherever. The keyfile in itself doesn't hold any valuable data so protecting it is not really an issue. Or is it?

    As I'm writing this I realise it's like carrying my door with me everywhere I go and leaving lots of copies of my key lying around in public. But if I'm the only one with the door, so what?

    I've decided there is no such thing as a trivial issue in security: more likely there's a major item I've overlooked or misunderstood. Apologies if this is indeed trivia. As you get increasingly paranoid it's more difficult to tell the difference!

    Thanks and regards

  • wellread1

    wellread1 - 2014-04-24

    From a security perspective, assuming the key file is strong, it doesn't make much difference which media you store the database and key file on, as long as they are separate and not both accessible to an attacker.

    There may be other considerations favoring a particular arrangement. For example:

    • If you want to synchronize your database between two stationary computers using Dropbox, you would need to place the database on Dropbox.
    • Regular backups of your database might be more convenient if the database is located on a hard drive. The key file needs to be backed up only when the key file component of the Master Key is changed.

    Note: You should not plan to keep just a single copy of either component, or you risk losing access to your passwords. Make backups of both database and key file since one is useless without the other. If you store the backups together, they should be in a secure location where there is no danger that the backup could be used accidentally (e.g. not in a drawer).

    As I'm writing this I realise it's like carrying my door with me everywhere I go and leaving lots of copies of my key lying around in public. But if I'm the only one with the door, so what?

    It is natural to be more anxious about losing track of the database because it contains the passwords. However, if the database Master Key is strong and it is not known by the attacker, then the database is secure against massive attacks.

    The real danger is that you will accidentally leave or lose a copy of the database together with key. I strongly recommend that you also use a strong master password as mitigation.

    Last edit: wellread1 2014-04-24

  • Kesafi

    Kesafi - 2014-04-24

    Thank you for the extensive reply - very useful ideas.

    If you want to synchronize your database ...

    This is what I do currently, as I have multiple 'versions' of the database on stationary PCs. But if I move to having only one 'version' on a USB stick, there's nothing to synchronise it with and no need to plan for that.

    Regular backups of your database ...

    I absolutely agree with that bullet point, and the note that follows. Maintaining accurate recoverable backups of all my data (whether encrypted or not) is a separate set of processes to me. I don't have any doubts as to the importance of that. I already handle backing up data from and to USB devices under my own rules in that regard. That is not related to security.

    I also understand the concept that keyfile and database have to be maintained in order to work together. However if we say that components A+B have to be simultaneously available to access my passwords, then does it really matter whether A is the database or A is the keyfile? The main difference I think (and I didn't express in my first post) is that the database contents are likely to change with time whereas the keyfile is likely to stay constant. So, do I carry around a single version of the changing component and leave constant keys everywhere, or do I carry around one constant key and try to maintain synchronisation between multiple changeable components? Of course the most secure may be A+B+C (database, keyfile, password) but that also requires the greatest self-discipline!

    My view is that logistically it might be easier (for me, anyway) to eliminate multiple copies of the database and simply look after (i.e. backup etc) that one file. It's not so much based on "it's the one that contains the passwords", but more on "it's the one that changes".

    Thanks again.
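
    The "A+B have to be simultaneously available" point above (and wellread1's "as long as they are separate and not both accessible to an attacker") can be made concrete by looking at how the two components are combined. The following is an added example, not code from the thread or from KeePass itself; it reproduces the documented KeePass composite-key scheme (each component hashed with SHA-256, the hashes concatenated, and the result hashed again; a 32-byte or 64-hex-character key file is used as-is, anything else is hashed) and then tries to "open" with every subset of components. The helper names `keyfile_key`, `composite_key`, `unlocks` and `demo`, the sample password and the sample key file are all constructed for the illustration; the XML key-file format and the Windows user-account component are left out.

```python
import hashlib
import hmac
from typing import Optional

# Constructed sample inputs (not from the thread): a throwaway password and a
# 64-hex-character key file, which is one of the key-file formats KeePass accepts.
SAMPLE_PASSWORD = "correct horse battery staple"
SAMPLE_KEYFILE = b"3f1a9c0d5e7b2468ace0246813579bdf0123456789abcdeffedcba9876543210"


def keyfile_key(keyfile_bytes: bytes) -> bytes:
    """Return the 32-byte key-file component.

    KeePass uses a 32-byte file verbatim, decodes a 64-hex-character file, and
    otherwise hashes the whole file with SHA-256. The XML key-file format is
    not handled in this example.
    """
    if len(keyfile_bytes) == 32:
        return keyfile_bytes
    if len(keyfile_bytes) == 64:
        try:
            return bytes.fromhex(keyfile_bytes.decode("ascii"))
        except (UnicodeDecodeError, ValueError):
            pass  # not hex after all: fall through and hash it like any other file
    return hashlib.sha256(keyfile_bytes).digest()


def composite_key(password: Optional[str], keyfile_bytes: Optional[bytes]) -> bytes:
    """SHA-256 over the concatenated component hashes, password first, then key file."""
    parts = b""
    if password is not None:
        parts += hashlib.sha256(password.encode("utf-8")).digest()
    if keyfile_bytes is not None:
        parts += keyfile_key(keyfile_bytes)
    if not parts:
        raise ValueError("at least one key component is required")
    return hashlib.sha256(parts).digest()


def unlocks(expected: bytes, password: Optional[str], keyfile_bytes: Optional[bytes]) -> bool:
    """Would this set of components reproduce the key the database was created with?"""
    try:
        candidate = composite_key(password, keyfile_bytes)
    except ValueError:
        return False
    return hmac.compare_digest(candidate, expected)


def demo() -> dict:
    """Build a key from password + key file, then attempt to open with each subset."""
    full = composite_key(SAMPLE_PASSWORD, SAMPLE_KEYFILE)
    return {
        "password_and_keyfile": unlocks(full, SAMPLE_PASSWORD, SAMPLE_KEYFILE),
        "keyfile_only": unlocks(full, None, SAMPLE_KEYFILE),      # database + key file found together
        "password_only": unlocks(full, SAMPLE_PASSWORD, None),    # key file lost or left at home
        "wrong_keyfile": unlocks(full, SAMPLE_PASSWORD, b"some other file contents"),
        "nothing": unlocks(full, None, None),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:22s} {'opens' if ok else 'fails'}")
```

    Only the full set of components reproduces the key; whichever component you choose to carry, the one left behind on every PC is worthless to a finder on its own, but a copy of the database and the key file lying together is opened by anyone who has them unless a password is also part of the Master Key.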

  • Paul

    Paul - 2014-04-24

    As soon as you change the database on the USB stick you no longer have a valid backup. It may be several days before you are in a position to backup the USB and if it is lost during this interval you lose your changes. A PC based database can be backed up instantly via a plug-in or trigger.

    cheers, Paul
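
    Paul's point about backing up "instantly via a plug-in or trigger", together with wellread1's note that the key file only needs a new backup when it actually changes, can be shown with a small content-addressed backup step: copy a file into a backup folder only when its SHA-256 differs from every copy already there. This is an added illustration in Python, not a KeePass plug-in or trigger and not code from the thread; `backup_if_changed` and `demo_backup_cycle` are invented names, and the "database" and "key file" it writes are constructed byte strings, not real KeePass files.

```python
import hashlib
import os
import shutil
import tempfile
from pathlib import Path
from typing import Optional


def _sha256_file(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def backup_if_changed(src: Path, backup_dir: Path) -> Optional[Path]:
    """Copy src into backup_dir as <stem>.<sha256 prefix><suffix>.

    Because the backup name is derived from the content, an unchanged file is
    never copied twice. Returns the new backup path, or None if nothing changed.
    """
    backup_dir.mkdir(parents=True, exist_ok=True)
    target = backup_dir / f"{src.stem}.{_sha256_file(src)[:16]}{src.suffix}"
    if target.exists():
        return None
    shutil.copy2(src, target)  # copy2 keeps the original modification time
    return target


def demo_backup_cycle() -> dict:
    """Simulate three saves: unchanged, unchanged, then a database edit."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        db = root / "Passwords.kdbx"      # constructed stand-in for a database
        keyfile = root / "Passwords.key"  # constructed stand-in for a key file
        db.write_bytes(b"constructed database contents, version 1")
        keyfile.write_bytes(os.urandom(32))
        backups = root / "backups"

        copied_db, copied_key = [], []

        # First save after creating both files: both get a backup.
        copied_db.append(backup_if_changed(db, backups) is not None)
        copied_key.append(backup_if_changed(keyfile, backups) is not None)

        # Second save with nothing edited: no new copies at all.
        copied_db.append(backup_if_changed(db, backups) is not None)
        copied_key.append(backup_if_changed(keyfile, backups) is not None)

        # Third save after editing an entry: only the database is copied again,
        # the key file is constant and its single backup still suffices.
        db.write_bytes(b"constructed database contents, version 2")
        copied_db.append(backup_if_changed(db, backups) is not None)
        copied_key.append(backup_if_changed(keyfile, backups) is not None)

        return {
            "db_copied": copied_db,
            "key_copied": copied_key,
            "db_backups": len(list(backups.glob("Passwords.*.kdbx"))),
            "key_backups": len(list(backups.glob("Passwords.*.key"))),
        }


if __name__ == "__main__":
    print(demo_backup_cycle())
```

    Hooking `backup_if_changed` to run after every save is what a trigger or plug-in gives you on a PC-based database; on a USB-only database the same step can only run when the stick is plugged into a machine that has the script, which is the interval Paul is worried about. The backups here are written next to each other for simplicity; per wellread1's note, copies of both components kept together belong in a location where they cannot be picked up accidentally.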

  • Kesafi

    Kesafi - 2014-04-24

    Good point, but (gulp) ... (you've no idea how uncomfortable I feel using 'but' in a discussion with Paul who has been a fantastic source of highly-valued knowledge since I started using this forum) ... but it's not as if I can change the database on the USB stick without a PC. Any changes that occur in the database will be as a result of being attached to a PC. Having made a change while using it my next user step would be to back it up.

  • Paul

    Paul - 2014-04-24

    I'm only suggesting a possible scenario. If you have it covered I'm happy. ;-))

    cheers, Paul
