by 4096 3869 days ago
I would consider it not safe because it was one of the companies mentioned on the NSA slides. You can still sync your KeePass(X) file with Dropbox if you have a good password (a key file is recommended) on the database file.

Instead of Dropbox you can also use https://spideroak.com/ They have a really handy program which lets you control a lot of things, and they are a "zero knowledge" cloud provider: all your data is encrypted. Snowden recommends them: http://www.theguardian.com/technology/2014/jul/17/edward-sno... For $12 a month you get 1 TB, which you can use as a safe off-site backup location.


Note that, while SpiderOak is arguably more secure than Dropbox, they rely on a hybrid security model wherein they still have your encryption key on their server, but encrypted with your local password. This matters because if your password is ever compromised, however briefly—say, by using the mobile app or the website, neither of which is supported in a secure manner (they make this very clear)—then all your data would be permanently compromised, with no way to rotate your keys and re-encrypt your data before someone gets access to it, short of blowing out your account. I get why things work this way, but still, yuck.
Also worth pointing out that neither Dropbox nor SpiderOak is fully open-source, so you are having to place some degree of 'blind trust' in either service. It is in their own best interests to have great security so that customers trust the product, but this cannot be verified by someone outside the company.
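The key-wrapping model described in the comment above, as an added example that is not part of the original thread and is not SpiderOak's code. It assumes the simplest form of the hybrid design: a random data-encryption key (DEK) encrypts the files, and the DEK is stored server-side wrapped under a key-encryption key (KEK) derived from the user's password. Because the Python standard library has no AES, `seal`/`unseal` use an HMAC-SHA256 counter-mode stream plus an HMAC tag as a stand-in for an AEAD such as AES-GCM; the KDF parameters, record layout, function names and the sample files are all constructed for the illustration. The point it makes runnable is the one the comment raises: a password change only re-wraps the same DEK, so an attacker who captured the old password together with a copy of the stored record keeps reading files written after the change, and only a full DEK rotation (re-encrypting everything) shuts them out.

```python
import copy
import hashlib
import hmac
import os

KDF_ITERATIONS = 100_000  # assumption: illustrative work factor, not any vendor's real parameters


def derive_kek(password: str, salt: bytes) -> bytes:
    """Password -> key-encryption key. Only the client ever runs this; the server sees salt only."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, KDF_ITERATIONS, dklen=32)


def _subkey(key: bytes, label: bytes) -> bytes:
    # Separate encryption and MAC keys from one 32-byte key.
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = b""
    for counter in range((length + 31) // 32):
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Authenticated encryption built from HMAC-SHA256 (stdlib-only stand-in for AES-GCM)."""
    nonce = os.urandom(16)
    ks = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag first; a wrong key or a tampered blob raises instead of returning garbage."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("wrong key or tampered ciphertext")
    ks = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))


# --- the hybrid model: server stores salt + wrapped DEK + encrypted files ----

def create_account(password: str) -> dict:
    salt = os.urandom(16)
    dek = os.urandom(32)
    return {"salt": salt, "wrapped_dek": seal(derive_kek(password, salt), dek), "files": {}}


def unlock(record: dict, password: str) -> bytes:
    return unseal(derive_kek(password, record["salt"]), record["wrapped_dek"])


def change_password(record: dict, old: str, new: str) -> None:
    """What a password change does in this model: re-wrap the SAME DEK. No file is touched."""
    dek = unlock(record, old)
    record["salt"] = os.urandom(16)
    record["wrapped_dek"] = seal(derive_kek(new, record["salt"]), dek)


def put_file(record: dict, dek: bytes, name: str, data: bytes) -> None:
    record["files"][name] = seal(dek, data)


def get_file(record: dict, dek: bytes, name: str) -> bytes:
    return unseal(dek, record["files"][name])


def rotate_dek(record: dict, password: str) -> None:
    """The costly remedy: fresh DEK, every stored file decrypted and re-encrypted under it."""
    old_dek = unlock(record, password)
    new_dek = os.urandom(32)
    record["files"] = {n: seal(new_dek, unseal(old_dek, b)) for n, b in record["files"].items()}
    record["salt"] = os.urandom(16)
    record["wrapped_dek"] = seal(derive_kek(password, record["salt"]), new_dek)


def demo() -> dict:
    """Constructed scenario: attacker snapshots the record while the password is briefly known."""
    record = create_account("hunter2")
    put_file(record, unlock(record, "hunter2"), "notes.txt", b"old secret")
    snapshot = copy.deepcopy(record)  # attacker has this copy and the password "hunter2"

    change_password(record, "hunter2", "correct horse battery staple")
    put_file(record, unlock(record, "correct horse battery staple"), "new.txt", b"written after the change")

    results = {"old_password_rejected": False}
    try:
        unlock(record, "hunter2")
    except ValueError:
        results["old_password_rejected"] = True  # the live record no longer accepts it...
    attacker_dek = unlock(snapshot, "hunter2")   # ...but the snapshot still yields the DEK
    results["attacker_reads_new_file"] = get_file(record, attacker_dek, "new.txt") == b"written after the change"

    rotate_dek(record, "correct horse battery staple")
    try:
        get_file(record, attacker_dek, "new.txt")
        results["attacker_reads_after_rotation"] = True
    except ValueError:
        results["attacker_reads_after_rotation"] = False
    return results


if __name__ == "__main__":
    print(demo())
```

`demo()` returns `old_password_rejected=True`, `attacker_reads_new_file=True` and `attacker_reads_after_rotation=False`: the first two together are exactly the failure mode the comment describes, and the third is why the only real fix is re-encrypting the whole account rather than changing the password.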
SpiderOak'er here; as a reminder, we also offer Encryptr, our own password manager: https://spideroak.com/solutions/encryptr

Which itself _is_ open source: https://github.com/SpiderOak/Encryptr

Been using this for a while and I'm liking it so far.

When are exporting and offline access coming?