Lads, I’m having a password management crisis

Lads, I’m having a password management crisis.

What I’ve been doing:
>Keepass file synced in Google Drive
>Keepass on Windows to access it (block from internet through firewall)
>Keepassdroid on Android to access it (app doesn’t use network access)

Anyway, it’s gone pretty well up to now. Google account protected by 2-f, Google account has good hygiene (no third party ‘apps’ have access to it), strong keepass password. Even if someone stole my phone, phone is locked and keepass file has password. And if someone stole my laptop, Windows is password protected, the hard disk itself is password protected, as is BIOS. Then of course the keepass file is also protected. And on both phone and laptop the app is blocked from connecting to the net.

But things have changed and now I’m reconsidering the whole system.

Firstly the Sup Forums malware, plus Windows 10 being such a buggy POS anyway that’s getting worse, finally has made me jump to Ubuntu. Switched docs from Google Drive to Dropbox. No biggie.

But the Linux Keepass forks are just that. Forks. Only the Windows program is official, only the Windows program has been audited. I don’t understand code. But even if I did, I can’t comb through it every fucking time. Combine that with the fact that I can’t block single programs from the internet, like I could in Windows through the firewall. Hmm. How do I know if the keepassx or keepassxc forks aren’t copying all my entries and sending them home? I’m starting to think that with all the details I have there, seriously important passwords, including banking, I really shouldn’t be trusting amateur software just because they talk a good game. Maybe I shouldn’t have been doing it this whole time...

But what are the alternatives? Lastpass? Fuck that, they could get hacked again, it wouldn’t even be my error, it would be some Silicon Valley soyboys’ fault, but I would get fucked. I think it’s stupid to entrust them with my safety.

contd…

...contd

I’m seriously considering two options now.
>1) Offline, handwritten.
Pros: zero chance of getting hacked. 100% cyber-safe.
Cons: Meatspace vulnerability. If we get burgled, I’m fucked. I mean I would be fucked anyway, but losing all my digital keys (and some nigger getting them) would turn a disaster into catastrophe.
Also when I’m out, at work, abroad, etc, I’m without my passwords.
>2) Having them typed out in a plain .odt doc, and have that in GoogleDrive/Dropbox.
Hear me out. Yes it may not be as polished as a keepass file. But maybe the trick here is to minimize exposure as much as possible. Reduce vectors, reduce attack surface area. The problem with the Keepass thing now is that everything goes through this amateur software that I have no idea how to audit. It adds an unknown quantity to the chain. I’m pretty sure that no thief/hacker can get into my GoogleDrive/Dropbox as it stands. So why not just have the passwords plainly there, and cut Keepass out of the equation?

What does Sup Forums think? I’m stressed out about this now.
(reposted because fucked up formatting)

If you're seriously worried about it, make a new keyfile with all the security autism turned up to 11 (ChaCha20 and Argon 2). You're worried about what exactly? There's nothing wrong with a keepass file structure or encryption. As long as you store the keyfile offline there shouldn't be any issue.

Paper and pen? That's horrible for many reasons, are you seriously going to type in, by hand, a 20-digit random alphanumeric password for each webservice each time? Fuck no, that's the whole point of keepass.

The method I've used is:
1.) keepass with a long master password
2.) backup keyfile to another local source only
3.) set up long, random passwords for each internet service.
4.) Disable log-on saving in the browser
5.) Stop using google.

That should prevent 99.9999% of wannabe attackers from gaining access to your gaia account.

>So why not just have the passwords plainly there, and cut Keepass out of the equation?
>Having no encryption is better than having potentially (but not likely) broken encryption.
There's an argument to be made about false sense of security, but I don't think that applies here. What makes you think your google drive/dropbox is invulnerable? Or that you'll never accidentally leave it logged in on a system someone else has access to? And that's not even considering the possibility that google/dropbox willingly hands the contents over to somebody (i.e. subpoena or malicious employee). Why not keep them in a keepass db in your dropbox instead of a text file?

>1) Offline, handwritten.
>Pros: zero chance of getting hacked. 100% cyber-safe

I'm scared that the software is a trap. I'm confident I can keep the file safe. But when opened, how do I know a keepass fork isn't copying entries from inside the database and sending them somewhere? Like I said, I have no idea how to audit code. And in Linux I can't specifically block that program from accessing the internet like I could in Windows.

If you're not already, you should use a keyfile as well as your password, so even if someone did get access to gdrive or dropbox they couldn't just bruteforce the password.

First of all, Google drive is doing exactly that. Why do you think it exists? So they can mine the data you put up there. Second, you have no reason to believe OpenOffice is not. It's at least as likely, if not more, to phone home for whatever reason, and the codebase is far larger and harder to audit than KeePass.

It's not difficult to detect network activity. If keepass was phoning home, one of the millions of other users of it would have most likely noticed. If you're that worried about it, the solution is to learn how to monitor it yourself, not to adopt a known bad practice because you believe (incorrectly) that you understand it better.
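Added example (not from the thread): one way to "monitor it yourself" on Linux is to list the non-loopback connections a named process currently holds, using the process column of `ss -tunapH` (iproute2). The parser below reads `ss` output from stdin, so it also works on a saved capture; the sample lines embedded in `SAMPLE` are constructed, not a real capture, and the `keepassxc`/`firefox` process names are only there to exercise the filter.

```shell
#!/bin/sh
# Added example, not from the thread: show which remote peers a given
# process is talking to, parsed from `ss -tunapH` (assumes iproute2's ss).
# Usage:  egress_of keepassxc             (live, reads ss directly)
#         egress_of keepassxc < capture   (parse saved ss output)

# Parse ss lines on stdin; print "proto state peer" for every socket whose
# process column names PROC and whose peer is not loopback/wildcard.
parse_egress() {
  awk -v proc="$1" '
    # ss -tunapH columns: Netid State Recv-Q Send-Q Local Peer Process
    $7 ~ ("\"" proc "\"") {
      peer = $6
      # ignore loopback, unspecified and wildcard peers (local IPC, listeners)
      if (peer ~ /^(127\.|\[::1\]|\*|0\.0\.0\.0|\[::\])/) next
      print $1, $2, peer
    }'
}

# Live wrapper: query ss when stdin is a terminal, otherwise parse stdin.
egress_of() {
  if [ -t 0 ]; then
    ss -tunapH | parse_egress "$1"
  else
    parse_egress "$1"
  fi
}

# Constructed sample in ss output format (NOT a real capture).
SAMPLE='tcp ESTAB 0 0 192.168.1.20:53122 198.51.100.7:443 users:(("keepassxc",pid=1234,fd=15))
tcp ESTAB 0 0 127.0.0.1:44200 127.0.0.1:8080 users:(("keepassxc",pid=1234,fd=16))
udp UNCONN 0 0 0.0.0.0:5353 0.0.0.0:* users:(("avahi-daemon",pid=600,fd=12))
tcp ESTAB 0 0 192.168.1.20:49000 203.0.113.9:443 users:(("firefox",pid=2222,fd=80))'

# Number of external peers the sample shows for PROC.
count_egress() {
  printf '%s\n' "$SAMPLE" | parse_egress "$1" | wc -l | tr -d ' '
}

# Stand-alone: `sh egress.sh keepassxc` checks the live system.
if [ $# -gt 0 ]; then
  egress_of "$1"
fi
```

A snapshot only shows sockets open at that instant; for an offline tool like a password manager the expected result is an empty list every time you look, which makes even a single unexpected peer easy to spot. Run it a few times while the database is open and while it is being saved.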

Just to be crystal. Fucking. Clear.

You don't trust Keepass (a fully offline program) to not somehow, someway be transmitting your data to (((them))), but you trust Google Drive (a fully online platform) not to be de-duplicating your data and giving access to the NSA? Am I understanding you correctly?

>not using bitwarden
>literally lastpass but open sores

literally tailsOS with persistence on a large capacity USB if it's that serious

Like I said, I'm not worried about someone breaking onto my account/hardware to get the file.
Nor am I worried about anyone cracking the file.
I'm worried about the Keepass programs themselves, and what they might be doing with the data.

this isn't about DA GUBBAMINT or (((them))).
This is about slav hackers and pajeet thieves.

I'm just saying, better to be safe, especially when using cloud storage.

(I'm the keyfile guy)

If you're that scared about how to store your keyfile, then encrypt it using gpg and use something like syncthing to sync it securely online.
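Added example (not the poster's own commands) covering both of the keyfile guy's suggestions: generate a KeePass key file with owner-only permissions, then produce a passphrase-encrypted copy with GnuPG that is the only version put in the synced folder. It assumes GnuPG 2.x with `--pinentry-mode loopback`; the file names and the sample passphrase in the round-trip check are constructed.

```shell
#!/bin/sh
# Added example, not from the thread: create a KeePass key file, lock its
# permissions, and keep only a GPG-encrypted copy in Dropbox/Syncthing.
# Assumes GnuPG 2.x. File names below are constructed placeholders.

# 64 random bytes, created with a restrictive umask so it is never
# world-readable even for an instant; returns non-zero if the size is wrong.
make_keyfile() (
  umask 077
  head -c 64 /dev/urandom > "$1" && chmod 600 "$1" &&
  [ "$(wc -c < "$1" | tr -d ' ')" = "64" ]
)

# Symmetric AES-256 with iterated+salted S2K at gpg's maximum count.
# The passphrase is fed on stdin (fd 0), not the command line, so it does
# not show up in `ps`. For interactive use drop the --pinentry-mode and
# --passphrase-fd options and let gpg prompt.
#   encrypt_keyfile SRC OUT PASSPHRASE
encrypt_keyfile() {
  printf '%s\n' "$3" | gpg --batch --yes --pinentry-mode loopback --passphrase-fd 0 \
    --symmetric --cipher-algo AES256 --s2k-mode 3 --s2k-count 65011712 \
    --output "$2" "$1"
}

#   decrypt_keyfile SRC OUT PASSPHRASE
decrypt_keyfile() {
  printf '%s\n' "$3" | gpg --batch --yes --pinentry-mode loopback --passphrase-fd 0 \
    --decrypt --output "$2" "$1"
}

# Round trip in a throwaway GNUPGHOME: 0 = plaintext survived, 1 = mismatch
# or gpg error, 2 = gpg not installed. Runs in a subshell so nothing leaks.
roundtrip_ok() (
  command -v gpg >/dev/null 2>&1 || exit 2
  tmp=$(mktemp -d) || exit 1
  GNUPGHOME="$tmp/gnupg"; export GNUPGHOME
  mkdir -m 700 "$GNUPGHOME" || exit 1
  pass='correct horse battery staple'   # constructed; use your own
  make_keyfile "$tmp/key.bin" &&
  encrypt_keyfile "$tmp/key.bin" "$tmp/key.bin.gpg" "$pass" >/dev/null 2>&1 &&
  decrypt_keyfile "$tmp/key.bin.gpg" "$tmp/key.out" "$pass" >/dev/null 2>&1 &&
  cmp -s "$tmp/key.bin" "$tmp/key.out"
  rc=$?
  rm -rf "$tmp"
  exit $rc
)

# Stand-alone: `sh keyfile.sh` reports whether the round trip works here.
if [ "$(basename "$0")" = "keyfile.sh" ]; then
  roundtrip_ok && echo "round trip ok" || echo "round trip failed (rc=$?)"
fi
```

The point of the split is that the synced folder only ever sees `key.bin.gpg`; the plaintext key file lives on each device outside the synced tree, so a leak of the cloud account yields an encrypted database plus an encrypted key file, each behind a different secret.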

What a shit blog post

Holy shit OP, you are autistic, first of all, you can block internet access on Linux with a firewall if you want, learn iptables or install Uncomplicated Firewall (ufw and its GUI, gufw)/firewalld. Hell, if you are that paranoid, throw KeePassXC in a sandbox.
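Added example (not from the thread): ufw and firewalld rules are port-based, but iptables' owner match can deny egress for whatever a particular process runs as, which is the per-program block OP had on Windows. The script runs the program under a dedicated group and rejects any packet that group owns; `nonet` as the group name, the use of `sg` to switch primary group, and the `firejail --net=none` alternative are choices made for this example, not anything the thread specifies.

```shell
#!/bin/sh
# Added example, not from the thread: deny all non-loopback network egress
# for one program on Linux via iptables' owner match. Assumes iptables,
# ip6tables, groupadd and sg are present; "nonet" is a constructed name.

NONET_GROUP="${NONET_GROUP:-nonet}"

# Print the rules, one command per line, without running them so they can
# be reviewed. REJECT rather than DROP so the program fails fast instead of
# hanging on timeouts; loopback stays open for local IPC.
nonet_rules() {
  grp="$1"
  for ipt in iptables ip6tables; do
    printf '%s -A OUTPUT -o lo -m owner --gid-owner %s -j ACCEPT\n' "$ipt" "$grp"
    printf '%s -A OUTPUT -m owner --gid-owner %s -j REJECT\n' "$ipt" "$grp"
  done
}

# Create the group if needed and install the rules (requires root).
nonet_apply() {
  getent group "$NONET_GROUP" >/dev/null || groupadd "$NONET_GROUP"
  nonet_rules "$NONET_GROUP" | while read -r cmd; do
    $cmd || return 1
  done
}

# Run a program with the no-network group as its primary group, so every
# socket it opens is owned by that gid and hits the REJECT rule.
#   nonet_run keepassxc
nonet_run() {
  sg "$NONET_GROUP" -c "$*"
}

# Alternative if firejail is installed: a network namespace with no
# interfaces, no firewall rules needed.
nonet_run_firejail() {
  firejail --net=none "$@"
}

# After nonet_apply: a fetch from inside the group must fail quickly.
nonet_verify() {
  if nonet_run "curl -s --max-time 5 https://example.com" >/dev/null 2>&1; then
    echo "egress NOT blocked for group $NONET_GROUP"
    return 1
  fi
  echo "egress blocked for group $NONET_GROUP"
}

# Stand-alone: `sh nonet.sh show` prints the rules; `sudo sh nonet.sh apply`
# installs them; `sh nonet.sh verify` checks the block.
case "${1:-}" in
  show)   nonet_rules "$NONET_GROUP" ;;
  apply)  nonet_apply ;;
  verify) nonet_verify ;;
esac
```

The rules are not persisted across reboots here; save them with your distribution's iptables-persistent or netfilter-persistent mechanism once you have confirmed `nonet_verify` reports the block. The same owner match exists in nftables as `meta skgid`, if that is what the distribution uses.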

chrome saves all your passwords for you
stop being a retarded faggot

>using a password manager called Keep Ass

Very helpful replies. Cheers guys

>Windows
found your problem

> not having an encoding scheme for passwords so you can write them wherever and always be safe
Why have it any other way?

maybe try self-hosting bitwarden?

My solution is pass, using a diceware passphrase, with syncing via my own git server hosted on an rpi.
Works for my loonix and android machines, and since I try not to use other machines to log in to my shit, it works for me.
Add to that extensions that are easy to add (otp, autotype, etc) and it's been treating me great.
Used to use lastpass before migrating to keepass2/x, and finally landed on this.

Just use whatever and turn on two factor on goddamn everything

I use LastPass
Nobody accesses my accounts
It just works