Is it safe to stare my KeePass database on Dropbox or Google Drive?

Jason
2013-09-29
2013-10-17
  • Jason

    Jason - 2013-09-29

    Won't it become more or a target in the cloud? Can information be intercepted if i sync with KeePass databases in the cloud? Thx

     
  • wellread1

    wellread1 - 2013-09-29

    A KeePass database is decrypted on the computer running KeePass. As a consequence neither the Master Key or unencrypted data traverses the internet. KeePass database file encryption is independent of any cloud service. An attacker that gains access to a cloud account that contains a KeePass database is still faced with the difficult problem of decrypting the database. In any particular environment, a user may wish adjust the strength of the database Master Key based on their perceived the risk of losing control of the password database.

     
    Last edit: wellread1 2013-09-29
  • develop1

    develop1 - 2013-09-30

    to add on to wellread1's advice brute force attack is further thwarted by adding transformation rounds to the encryption (see: file/database_settings/security).
    A one second delay is normally not an issue to our daily use of keepass but a one second delay to a brute force attack neuter's its effectiveness.
    I personally have no issues with my .kdbx my cloud account.

     
  • liam

    liam - 2013-10-03

    if you want to make extra sure use the password + key file as well

     
  • Gordon Venem

    Gordon Venem - 2013-10-17

    But don't put the keyfile in the cloud, too.

     
    Last edit: Gordon Venem 2013-10-17

Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:





No, thanks