Is it insecure to upload Keepass database to Google Drive, Dropbox or any other file service in the cloud?

I’ve read this answer in Security Stackexchange: https://security.stackexchange.com/a/45337

So, I feel kinda confident if a put a big number of PBKDF2 iterations, like 10.000.000, it should be OK.

My master password is based on diceware, but is not very very long because I need to remember it.

What do you people think about this?

    • amanwithausername@vlemmy.net
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      Syncthing is great. Servers are overrated anyway, I would rather everything be peer-to-peer wherever possible. Currently working on a script to integrate calcurse with DecSyncCC so I can keep my calendar synced between my laptop and phone without a server!

    • vsis@feddit.clOP
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      wooo didn’t know about that. I’m going to read about it. If it doesn’t require a home server, it suits my needs

    • vsis@feddit.clOP
      link
      fedilink
      English
      arrow-up
      2
      ·
      edit-2
      1 year ago

      Turns out this was exactly what I needed. I have no idea Syncthing was a thing. So, thanks a lot.

  • Alatarius@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    1
    ·
    edit-2
    1 year ago

    I keep mine in the cloud but I also have a key file attached to it. That is not kept in the cloud so at least I have some security if the cloud service gets hacked and my password is 57 characters long.

  • FlagonOfMe@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    I use KeePass and keep my database in the cloud. I use a key file that is never stored in the cloud in addition to my master password. You get a cloud backup of your database, and updates will sync to your devices if your cloud provider has a client that does that.

    I actually don’t sync it directly to my phone. I download a copy as needed. I also don’t add passwords on my phone to my main database. I use a separate database for logins I create on my phone and import them once in a while on my PC. This is because Google Drive’s sync on Android has been unreliable for me, though I haven’t tried again in years.

    I use KeePass DX on Android because it has a nice virtual keyboard so you don’t have to use the clipboard, which is insecure. It also has a better UI with fingerprint unlocking.