What would it take to feel safe using a password manager with a DB file in the open?

edA-qa mort-ora-y (mortoray), Jul 17, 2017

AKA, what type of encryption would you trust to store ultra-private information in a public location?

One of my limitations to using a password manager has been the centralization of the DB file. I use several machines with varying OSes. I need to create/change passwords frequently but then have to worry about syncing the DB file.

If we put the DB in "the cloud" somewhere we could solve the sync problem. Sure, we could have a user/pass-protected service, but I place no trust in the service provider actually keeping this file hidden. So let's treat this information as essentially publicly accessible.

Given that it's a central file to all my other accounts, what type of encryption would be suitable to protect it?


I have no problem putting a KeePass database on Google Drive. It's encrypted with AES-256 and GZip compressed. Of course, my Google Drive is also behind a reasonably strong password and 2-factor authentication. My phone is also behind a reasonably secure PIN.

In order to compromise my password database, you would need to:

(1) Have physical access to my phone, know my PIN, and know my passphrase for my KeePass database.

(2) Have access to my Google account (through a password and 2FA) and know my passphrase for my KeePass database.

(3) Manage to steal my KeePass database from Google and know my passphrase for my KeePass database. However, if Google is compromised, I think there are bigger problems and more interesting things than my password database.

I love KeePass.

KeePass also supports a key file in addition to a database password. If I'm traveling I'll store my password database on Google Drive (secured by 2FA), delete it from my computer, and carry the key file with me (one copy on my laptop and one on a USB key stowed elsewhere, so if my laptop is lost I'm not stuck).

Then if somehow my Google Drive and master password are both compromised, my passwords are still encrypted. And if my laptop is stolen in transit, I don't have passwords stored on it, just a key file that is useless on its own.

I am not certain, but there is probably a plugin to use a hardware token, if it's not natively supported.

Some of this is also good advice.

Personally, I don't see a need to use a key file over a passphrase or delete the local copy from my phone or computer. All of my devices are encrypted when off and would be off when they are not in my possession, so any bad actors would need to not only make a copy of the device storage, but also either know that password/pin or be able to break the encryption. There are a number of places where I simply wouldn't bring my normal phone or computer anyway, and the issue becomes a non-issue.

Regardless of whether you are using a passphrase or not, your KeePass database should always be securely encrypted. I find it much easier to protect a secure password or passphrase than a key file. You start running into problems with a small number of keys that, if compromised, affect many things, or a large number of key files that need to be managed.

I think you are right, it's perfectly fine to have the file just sitting there as long as it is properly encrypted. That is the point of encryption after all. I would like to note that the mode matters too. Not all AES modes are created equal. GCM is pretty much the standard for this sort of use case, but I would like to encourage people to deep dive into the different options.

1Password can sync with Dropbox.

In terms of actually implementing password encryption, I wrote a terminal-based password manager earlier this year and after a lot of research I decided upon AES-256 with GCM and Scrypt. This is very similar to what 1Password uses, but they use something else instead of scrypt.

Here is an example Go implementation of AES-256 with GCM and Scrypt (actual encryption algorithms implemented by the Go team): github.com/evantbyrne/cryptdir
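The scheme the last two posts describe (scrypt-stretched master passphrase, AES-256-GCM for the file, and "the mode matters" because GCM authenticates), as an added example that is not part of the thread and is not cryptdir's code. It assumes the `cryptography` package; the salt/nonce/ciphertext file layout and the scrypt cost parameters are this example's own choices.

```python
import os
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
from cryptography.hazmat.primitives.kdf.scrypt import Scrypt

# Assumed layout (this example's own, not cryptdir's): salt(16) || nonce(12) || ciphertext || tag(16)
SALT_LEN, NONCE_LEN, TAG_LEN = 16, 12, 16
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1  # cost parameters; raise N as your hardware allows


def derive_key(passphrase: bytes, salt: bytes) -> bytes:
    """Stretch the master passphrase into a 32-byte AES-256 key with scrypt."""
    return Scrypt(salt=salt, length=32, n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P).derive(passphrase)


def encrypt_db(passphrase: bytes, plaintext: bytes) -> bytes:
    """Seal the database under a fresh salt and nonce; the salt is also bound as AAD."""
    salt, nonce = os.urandom(SALT_LEN), os.urandom(NONCE_LEN)
    return salt + nonce + AESGCM(derive_key(passphrase, salt)).encrypt(nonce, plaintext, salt)


def decrypt_db(passphrase: bytes, blob: bytes) -> bytes:
    """Open the database; raises InvalidTag on a wrong passphrase or any altered byte."""
    salt, nonce, ct = blob[:SALT_LEN], blob[SALT_LEN:SALT_LEN + NONCE_LEN], blob[SALT_LEN + NONCE_LEN:]
    return AESGCM(derive_key(passphrase, salt)).decrypt(nonce, ct, salt)


def opens(passphrase: bytes, blob: bytes) -> bool:
    """True only if the blob authenticates and decrypts under this passphrase."""
    try:
        decrypt_db(passphrase, blob)
    except (InvalidTag, ValueError):  # ValueError: blob too short to hold a nonce
        return False
    return True


def flip_bit(blob: bytes, index: int) -> bytes:
    """Copy of the blob with one bit flipped at index (simulated corruption or tampering)."""
    corrupted = bytearray(blob)
    corrupted[index] ^= 0x01
    return bytes(corrupted)


if __name__ == "__main__":
    master = b"correct horse battery staple"
    blob = encrypt_db(master, b'{"example.com": "constructed-sample-password"}')  # constructed DB
    print("genuine file opens:", opens(master, blob))
    print("one flipped ciphertext bit opens:", opens(master, flip_bit(blob, len(blob) - 1)))
    print("wrong passphrase opens:", opens(b"wrong passphrase", blob))
```

Because GCM is authenticated, a flipped bit anywhere in the file (salt, nonce, ciphertext or tag) fails closed instead of silently decrypting to garbage, which is the property an unauthenticated mode such as CBC would not give you.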