So, I'm interested in a solution like DropBox; automatic sync and backup sounds perfect. The obvious problem is that my database is then exposed to the world. Even with a good password and a deliberately-slow decryption algorithm, it's conceivable that someone who obtained the database (by hacking my account or hacking DropBox's servers) could break it. Especially with increases in cpu power, gpu clusters, etc. I want my database to be unbreakable if it's going to be in the cloud, or at least as strong as TLS etc (and probably more; TLS has holes).
Currently, the approach that I'm considering is to add a key file requirement to my database, in addition to the password, and manually copy the key file to all my devices. That should massively increase my database's resistance to brute force attacks, putting it into the realm of serious encryption, without requiring regular manual synchronisation (since the key won't change).
My questions at this point are:
- Has anyone tried this (database in cloud, key outside it)? If so, what was your experience?
- Are there any gaping flaws that I've overlooked?
- Since I've already used a strong password, and increased the encryption rounds to the point where it takes a short-but-measurable time to legitimately open the database, am I being too paranoid to think that it's unsafe without something extra like a key file?