In the interest of security, I'm looking for a physical device to store passwords. The Mooltipass project looks interesting, and I bought a few of them, but was looking for something that could run on cheaper, existing hardware. When looking through the Keepass Firefox plugin, it seems to be able to connect to Keepass by TCP/IP. So, I had an idea. Maybe someone could tell me if it's possible, and/or a good idea.
I was thinking of installing Keepass on a Raspberry Pi Zero, and configure the USB Port on the Pi to act like a network adapter. Make it something like 192.168.25.25. Then, configure the Firefox extension to access Keepass at 192.168.25.25. All one would need to do is plug in the Raspberry Pi Zero, and Keepass should be available at 192.168.25.25. This way, there is no database on the local computer to be stolen by a program like keefarce. The Pi Zero, with a cheap case, easily fits in a pocket or even on a keychain, costs $5, and can easily store all your passwords. Entering the password in the plugin should unlock the database, and there is little danger leaving the database unlocked until it's powered down and removed from the computer. The database always remains physically on the Raspberry Pi.
Thoughts?
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
The issue is not having your physical database stolen, it's losing control of KeePass / other programs.
A stolen database is effectively useless without the master key / password, but any malware on your computer can capture the data directly from your browser etc - https://sourceforge.net/p/keepass/discussion/329220/thread/75e6e7f7/
I dislike single hardware repositories because when they fail you lose your data. I prefer to stick to a copy on disk that I can backup / restore easily.
You could ask this question on the KeeFox plug-in website.
cheers, Paul
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Thanks for the response Paul.
While I accept that a keylogger can access one or two passwords, my main concern is loss of security of a complete database of every password I use. People seem to fit in one of two categories. Either they want to protect a remote entity from accessing their passwords, or they want to protect from a local person physically accessing their passwords. As I use a bound paper book currently to store passwords, I'm firmly in the first category :) As for losing the device, 100% of passwords, database and OS are stored on a MicroSD card, which makes backing up a trivial task. I thought this could add many of the advantages of a Mooltipass, and add a way to counter Keefarce for those of us worried about it
I'm extremely new to Keepass. Can it be accessed entirely by an IP address? Is there a mechanism in Keepass that can prevent asking for every single password? Normally, one would not need more than one password every 10 seconds.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
If you have proper security against the loss of one or two passwords then you have also protected against the loss of all passwords.
KeePass is not remotely accessible. A plug-in, like KeeFox, may be able to provide that ability - which is why I suggested you ask on the KeeFox site - but you still need to run KeePass under Windows to gain that ability.
KeePass does not limit access. It has some basic features, like prevent export, under policy - Tools > Options > Policy.
cheers, Paul
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
In the interest of security, I'm looking for a physical device to store passwords. The Mooltipass project looks interesting, and I bought a few of them, but was looking for something that could run on cheaper, existing hardware. When looking through the Keepass Firefox plugin, it seems to be able to connect to Keepass by TCP/IP. So, I had an idea. Maybe someone could tell me if it's possible, and/or a good idea.
I was thinking of installing Keepass on a Raspberry Pi Zero, and configure the USB Port on the Pi to act like a network adapter. Make it something like 192.168.25.25. Then, configure the Firefox extension to access Keepass at 192.168.25.25. All one would need to do is plug in the Raspberry Pi Zero, and Keepass should be available at 192.168.25.25. This way, there is no database on the local computer to be stolen by a program like keefarce. The Pi Zero, with a cheap case, easily fits in a pocket or even on a keychain, costs $5, and can easily store all your passwords. Entering the password in the plugin should unlock the database, and there is little danger leaving the database unlocked until it's powered down and removed from the computer. The database always remains physically on the Raspberry Pi.
Thoughts?
The issue is not having your physical database stolen, it's losing control of KeePass / other programs.
A stolen database is effectively useless without the master key / password, but any malware on your computer can capture the data directly from your browser etc - https://sourceforge.net/p/keepass/discussion/329220/thread/75e6e7f7/
I dislike single hardware repositories because when they fail you lose your data. I prefer to stick to a copy on disk that I can backup / restore easily.
You could ask this question on the KeeFox plug-in website.
cheers, Paul
Thanks for the response Paul.
While I accept that a keylogger can access one or two passwords, my main concern is loss of security of a complete database of every password I use. People seem to fit in one of two categories. Either they want to protect a remote entity from accessing their passwords, or they want to protect from a local person physically accessing their passwords. As I use a bound paper book currently to store passwords, I'm firmly in the first category :) As for losing the device, 100% of passwords, database and OS are stored on a MicroSD card, which makes backing up a trivial task. I thought this could add many of the advantages of a Mooltipass, and add a way to counter Keefarce for those of us worried about it
I'm extremely new to Keepass. Can it be accessed entirely by an IP address? Is there a mechanism in Keepass that can prevent asking for every single password? Normally, one would not need more than one password every 10 seconds.
If you have proper security against the loss of one or two passwords then you have also protected against the loss of all passwords.
KeePass is not remotely accessible. A plug-in, like KeeFox, may be able to provide that ability - which is why I suggested you ask on the KeeFox site - but you still need to run KeePass under Windows to gain that ability.
KeePass does not limit access. It has some basic features, like prevent export, under policy - Tools > Options > Policy.
cheers, Paul