
KeePass on USB-Stick with TrueCrypt

  • Chest668

    Chest668 - 2007-11-08

    Hi there,

    I was starting to think about the following:

    The plan is to use a USB-stick as a portable device, on which are stored a row of portable apps (mainly Thunderbird, Firefox, Pidgin...) and - of course - KeePass.
    The KeePass database is encrypted, so it can be "as is" on the stick, but my other apps and apps-profiles are lying plain on the stick.
    Therefore I plan to use a TrueCrypt container, to encrypt the apps and profiles.

    Question is: Should I store the KeePass database in the TrueCrypt container too? Or is it safe enough on its own (I use a password and a key file with KeePass)?
    If it can be left outside the container I could store the container-password too in the KP-database and don't have to remember it, that's the point. Or is it?

    Thanks for hints and answers

    • Nacken

      Nacken - 2007-11-09


      I use my USB stick in order to store some confidential data.
      The whole space is reserved for an encrypted TrueCrypt file and I put the Keepass software and database in the encrypted container.

      The problem with this solution is that you have to remember two passwords: one for the TrueCrypt container (and the location of the keyfiles, optionally) and one for the database.

      But if you put the KeePass software outside the container, you could put the TrueCrypt password in the database and then just remember one password.

      Hope it helps,

    • Paul

      Paul - 2007-11-10

      The KeePass database encryption is at least as good as TrueCrypt, so you just need to ensure your KeePass password is sufficiently strong, then KeePass can be used to open TrueCrypt.

      cheers, Paul

      • Nobody/Anonymous

        "The KeePass database encryption is at least as good as TrueCrypt"

        Yes? And the goodness of the implementation is also as good as TrueCrypt? I don't know... You?

        You hear about the problem with killed I-Value process?

    • Chest668

      Chest668 - 2007-11-10

      Thanks for answers!
      So I will keep KeePass outside of my TC container.
      Best wishes

    • kylehase

      kylehase - 2007-11-20

      There is a better solution that only requires one password.  Here's what I do.

      This part is optional but recommended in case you need to access your passwords away from your computer.

      Publish two pictures online on some photo hosting site that does not rename your image files and allows you to display your pictures in various sizes (Gallery2 sites are very good for this).  Choose a non-default size to display your images and save the two images to a directory with other pictures such as your "My Pictures" directory.  It's best to use generic file names like IMG0005.jpg since there are probably thousands of images with this name on the Internet.

      End optional part

      Create an encrypted volume on your flash drive.  Use a strong password and one of your image files as a key file.
      Save KeePass to your encrypted volume and create the KeePass DB in the volume as well.  Secure your KeePass DB with the other image file but no password.

      You only need to remember one password. Even if someone finds your USB drive and somehow figures out your password, they'd still need to obtain your key files.

      To simplify opening your encrypted volume and KeePass, use Pstart and Windows shortcuts which can pass command line parameters to TrueCrypt and KeePass.  This will however reveal the filenames and locations of your key files but the intruder would still need your password and physical access to your PC.
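
A launcher for the setup described in the post above, as an added example that is not part of the original thread: it mounts the volume, lets TrueCrypt prompt for the password rather than storing it anywhere, opens KeePass with its key file, and dismounts when KeePass closes. All paths, file names and the drive letter are assumptions; `/v`, `/l`, `/k`, `/q`, `/d` and `-keyfile:` are the command-line options of TrueCrypt and KeePass.

```powershell
# Constructed example: every path, file name and the drive letter is an assumption.
$stick     = $PSScriptRoot                                      # folder holding this script
$trueCrypt = Join-Path $stick 'TrueCrypt\TrueCrypt.exe'
$volume    = Join-Path $stick 'data.tc'
$tcKeyFile = Join-Path $env:USERPROFILE 'Pictures\IMG0005.jpg'  # key file for the volume
$kpKeyFile = Join-Path $env:USERPROFILE 'Pictures\IMG0012.jpg'  # key file for the database
$letter    = 'T'

# Fail early if anything is missing or the drive letter is taken.
foreach ($path in $trueCrypt, $volume, $tcKeyFile, $kpKeyFile) {
    if (-not (Test-Path -LiteralPath $path)) { throw "Missing file: $path" }
}
if (Test-Path "${letter}:\") { throw "Drive ${letter}: is already in use" }

# Mount. No /p switch is given, so TrueCrypt asks for the password interactively
# and it never appears in a script, a shortcut or a process command line.
Start-Process -FilePath $trueCrypt -Wait -ArgumentList @(
    '/q', '/v', "`"$volume`"", '/l', $letter, '/k', "`"$tcKeyFile`"")

# A wrong password or key file leaves the drive letter unmounted.
if (-not (Test-Path "${letter}:\")) { throw 'Volume was not mounted' }

try {
    # KeePass and its database live inside the mounted volume.
    $keePass  = "${letter}:\KeePass\KeePass.exe"
    $database = "${letter}:\KeePass\passwords.kdb"
    Start-Process -FilePath $keePass -Wait -ArgumentList @(
        "`"$database`"", "`"-keyfile:$kpKeyFile`"")
}
finally {
    # Dismount even if KeePass failed to start, so the volume is not left open.
    Start-Process -FilePath $trueCrypt -Wait -ArgumentList @('/q', '/d', $letter)
}
```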

    • Nobody/Anonymous

      "You hear about the problem with killed I-Value process?"

      I-vault ;-)

      Paul, I mean your idea is wrong. TrueCrypt 4.3a is more times examined military proof ciphering. Examined also by the best civilian cryptographers. With rock stable and 110% correct implementation.
      KeePass is strong. Very strong. And very tricky. Great soft. But is KeePass really comparable strong, in all aspects, as TrueCrypt?

      I have no one password and I can no one remember. No, I don't have password managers. I have only a one hidden volume. With amongst other KeePass inside ;-)

      For all-purposed idiots then filch my computer or my usb-stick, I can save my passwords in rot13. For all the others, I have KeePass on little usb-stick in hidden container.

      The clipboard skills of KeePass are however great. And I hope they are for any man unbreakable ;-) But for KeePass I am not still 100% sure. For TrueCrypt I am.

