by hanbura 3009 days ago
If anything, I would have said that KeePass provides too many ways to sync devices...

KeePass has a feature to sync two files, and can access a variety of network storages. That's not one turn-key solution, but it covers just about everything. Meanwhile I simply store the file in my Dropbox because I don't do concurrent edits and it's slightly more convenient that way.


Yes but does it sync with Firefox browser directly on Android? I'm using Keepass2Android which is not that convenient. Direct integration in the browser like what Mozilla is doing would be better.
Agreed. Dropbox + KeepassXC has been a great combo for me.
>Dropbox

Honest question, but pushing your KeepassXC db into Dropbox shouldn't raise some red flags from a security perspective? If "somebody" gets your encrypted db, they can rainbowtable the crap out of it to unlock it.

To me it seems by using Dropbox you just add another sizeable attack surface.

To me the entire point of a password manager is to solve password reuse. I can only remember a small number of high-quality passwords. I use one of those to secure my password manager, and I consider that password good enough to be unbreakable even if stored with a simple unsalted hash (and I know KeePass does much better).

I would be comfortable hosting my password file publicly. Any benefits from Dropbox authentication are just defense in depth (and privacy benefits).

They can't. Keepass uses a salt (and nonce) for the key derivation. Modern settings also include Argon2 (which I have enabled for my DB), which excludes everything but CPUs from efficient cracking.

The DB attack surface is to some extent expected to be eventually obtained by an attacker. As long as your master password is nice and long, they "can't do shit" for a long long long while.

True, and SQRL has a similar weakness. Keepass does offer some choice in rounds and algorithm. So that can offer some protection.
I don't see how Dropbox is related to rainbow tables - presumably KeepassX uses a salt.
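The salt-and-rounds point made in the replies above, as an added example that is not part of this thread: a precomputed table of derived keys only matches the salt it was built with, so a leaked database forces the attacker back to per-database guessing, with each guess costing the configured number of rounds. PBKDF2-HMAC-SHA256 stands in for KeePass's own KDFs (AES-KDF/Argon2) here; the salts, password list and round count are constructed sample values.

```python
import hashlib

# Constructed sample values. KeePass keeps per-database random seeds in the
# file header; the two fixed salts below stand in for two different databases.
SALT_DB_A = bytes.fromhex("00" * 16)
SALT_DB_B = bytes.fromhex("ff" * 16)
ROUNDS = 10_000                     # KDF work factor ("rounds" in the thread)
COMMON_PASSWORDS = ["password", "letmein", "hunter2", "correcthorse"]


def derive_key(master_password: str, salt: bytes, rounds: int) -> bytes:
    """Derive a 32-byte key from the master password.

    PBKDF2-HMAC-SHA256 is an assumption standing in for KeePass's AES-KDF or
    Argon2; the property shown (salt binds the output to one database,
    rounds multiply the cost of every guess) holds for those KDFs too.
    """
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               salt, rounds, dklen=32)


def build_precomputed_table(candidates, salt: bytes, rounds: int) -> dict:
    """A rainbow-table stand-in: derived key -> password, for ONE salt.
    Building it already costs `rounds` KDF iterations per candidate."""
    return {derive_key(pw, salt, rounds): pw for pw in candidates}


def lookup(table: dict, key: bytes):
    """Return the password whose derived key matches, or None."""
    return table.get(key)


def demo(master: str = "hunter2") -> dict:
    """Show that a table built for database A is useless against database B."""
    table_for_a = build_precomputed_table(COMMON_PASSWORDS, SALT_DB_A, ROUNDS)
    key_a = derive_key(master, SALT_DB_A, ROUNDS)
    key_b = derive_key(master, SALT_DB_B, ROUNDS)
    return {
        "keys_differ": key_a != key_b,             # same password, different salt
        "hit_on_own_salt": lookup(table_for_a, key_a),   # "hunter2"
        "hit_on_other_salt": lookup(table_for_a, key_b), # None: must recompute
    }


if __name__ == "__main__":
    print(demo())
```

Raising ROUNDS (or switching to a memory-hard KDF such as Argon2, as the thread suggests) scales the cost of both table building and per-database guessing by the same factor, which is what makes a leaked file survive on the strength of the master password alone.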