[mariusmg]

>Dropbox

Honest question, but pushing your KeepassXC db into Dropbox shouldn't raise some red flags from a security perspective ? If "somebody" gets your encrypted db, they can rainbowtable the crap out of it to unlock it.

To me it seems by using Dropbox you just add another sizeable attack surface.

[hanbura]

To me the entire point of a password manager is to solve password reuse. I can only remember a small number of high-quality passwords. I use one of those to secure my password manager, and I consider that password good enough to be unbreakable even if stored with a simple unsalted hash (and I know KeePass does much better).

I would be comfortable hosting my password file publicly. Any benefits from Dropbox authentication are just defense in depth (and privacy benefits).

[zaarn]

They can't. Keepass uses a Salt (and Nonce) for the key derivation. Modern settings also include Argon2 (which I have enabled for my DB), which excludes everything but CPUs from efficient cracking.

The DB attack surface is to some extend expected to be eventually obtained by an attacker. As long as your master password is nice and long, they "can't do shit" for a long long long while.

[paulryanrogers]

True, and SQRL has a similar weakness. Keepass does offer some choice in rounds and algorithm. So that can offer some protection.

[staticassertion]

I don't see how Dropbox is related to rainbow tables - presumably KeepassX uses a salt.