Cybersecurity

5388 readers

9 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Be respectful. Everyone should feel welcome here.
No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
No Ads / Spamming.
No pornography.

Community Rules

Idk, keep it semi-professional?
Nothing illegal. We're all ethical here.
Rules will be added/redefined as necessary.

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !cybersecurity@lemmy.capebreton.social !securitynews@infosec.pub !netsec@links.hackliberty.org !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

founded 1 year ago

MODERATORS

kid@sh.itjust.works

Lanky_Pomegranate530@midwest.social

Uploading keepass database to the cloud? (feddit.cl)

submitted 1 year ago by vsis@feddit.cl to c/cybersecurity@sh.itjust.works

3 comments fedilink hide all child comments

Is it insecure to upload Keepass database to Google Drive, Dropbox or any other file service in the cloud?

I've read this answer in Security Stackexchange: https://security.stackexchange.com/a/45337

So, I feel kinda confident if a put a big number of PBKDF2 iterations, like 10.000.000, it should be OK.

My master password is based on diceware, but is not very very long because I need to remember it.

What do you people think about this?

top 3 comments

sorted by: hot top controversial new old

[–] FlagonOfMe@sh.itjust.works 1 points 1 year ago

I use KeePass and keep my database in the cloud. I use a key file that is never stored in the cloud in addition to my master password. You get a cloud backup of your database, and updates will sync to your devices if your cloud provider has a client that does that.

I actually don't sync it directly to my phone. I download a copy as needed. I also don't add passwords on my phone to my main database. I use a separate database for logins I create on my phone and import them once in a while on my PC. This is because Google Drive's sync on Android has been unreliable for me, though I haven't tried again in years.

I use KeePass DX on Android because it has a nice virtual keyboard so you don't have to use the clipboard, which is insecure. It also has a better UI with fingerprint unlocking.

[–] DevoidWisdom@sh.itjust.works 1 points 1 year ago* (last edited 1 year ago)

I thought the better KDF was Argon2d because it's stronger against GPU attacks.

https://keepass.info/help/base/security.html

[–] PapyrusOsiris@reddthat.com 1 points 1 year ago* (last edited 1 year ago)

Syncthing solves this problem for me without my keyring being exposed to any outside servers.