The only complicated part of this method is securing the key, and the key is definitely required or you may as well just save it as plain text. You sync your DB across multiple cloud services, and to decrypt you use a weak master pass and strong key. I've been struggling with how to move that key around.

1) Put it on a USB drive or hide it in your filesystem. This is cumbersome and losing the drive could be disastrous. It's also trivial to scan a filesystem for key-like files.

2) Use an authentication dongle. This one is better but requires third-party hardware in most cases, and is slightly expensive.

3) Bluetooth/NFC to your device. This can be intercepted at extended ranges, as proven at DEF CON etc., though it is admittedly the most convenient method. The data can be signed, but I haven't seen anything out there that implements this well just yet.

4) Timed one-time passwords, PushBullet etc. This feels like a bonus feature.

I'm not sure how to go about this. If you lose or leak the key, then you're screwed. Is there a wristwatch or phone app with signed credential sharing based on wearer input, compatible with a standard?