Securing cloud backup of password database

[Thrawn]

I use KeePass Password Safe to manage my passwords, which is working, but I'm finding that I need to synchronise my database across multiple devices frequently. Currently my USB drive is a de facto master copy, but that's not reliable; too easy to lose, leave at home, or just have drive failure, and I have to copy files manually every time I make a change. And if I don't have access to it when I need to create a new password, then I'll have to change the local copy, and potentially do a manual sync later (not fun ).

So, I'm interested in a solution like DropBox; automatic sync and backup sounds perfect. The obvious problem is that my database is then exposed to the world. Even with a good password and a deliberately-slow decryption algorithm, it's conceivable that someone who obtained the database (by hacking my account or hacking DropBox's servers) could break it. Especially with increases in cpu power, gpu clusters, etc. I want my database to be unbreakable if it's going to be in the cloud, or at least as strong as TLS etc (and probably more; TLS has holes).

Currently, the approach that I'm considering is to add a key file requirement to my database, in addition to the password, and manually copy the key file to all my devices. That should massively increase my database's resistance to brute force attacks, putting it into the realm of serious encryption, without requiring regular manual synchronisation (since the key won't change).

My questions at this point are:

• Has anyone tried this (database in cloud, key outside it)? If so, what was your experience?
• Are there any gaping flaws that I've overlooked?
• Since I've already used a strong password, and increased the encryption rounds to the point where it takes a short-but-measurable time to legitimately open the database, am I being too paranoid to think that it's unsafe without something extra like a key file?

[Tom T.]

I think you already know my feelings on the subject: My pw db never leaves my physical possession, for all of the reasons you cited, and more. (Corrupt/extorted employee?)

Perhaps encrypt the db with TrueCrypt *before* sending it over the wire. They'd have to break that (highly unlikely) regardless of what flaws were found or exploited at the server. Keep the TC key handy near each device, or in your wallet or whatever -- or perhaps a memorizable acronym or Diceware phrase, so you can keep it in your head. (And write down somewhere, just in case.)

I have to copy files manually every time I make a change.

IDK anything about *nix, but surely they have the equivalent of MS-DOS batch scripts, to automate the process? That's how I do mine.

[Thrawn]

I think you already know my feelings on the subject: My pw db never leaves my physical possession, for all of the reasons you cited, and more. (Corrupt/extorted employee?)

Yes, in letting my database go to the cloud, I would assume that at some point, someone could get a copy.

Perhaps encrypt the db with TrueCrypt *before* sending it over the wire. They'd have to break that (highly unlikely) regardless of what flaws were found or exploited at the server. Keep the TC key handy near each device, or in your wallet or whatever -- or perhaps a memorizable acronym or Diceware phrase, so you can keep it in your head. (And write down somewhere, just in case.)

I'm confused. KeePass already has strong encryption built in. Is TrueCrypt any stronger/better? And having a strong password and separate key file is what I was originally suggesting, and asking for feedback on...

If it was Password Safe we were talking about, would there be a need for TrueCrypt? KeePass is *very* similar.

I have to copy files manually every time I make a change.

IDK anything about *nix, but surely they have the equivalent of MS-DOS batch scripts, to automate the process? That's how I do mine.

Certainly . Much more powerful than batch scripts, in fact. But when I'm dealing with 3+ computers and my USB drive, that would get to be a pain.

[Tom T.]

Perhaps encrypt the db with TrueCrypt *before* sending it over the wire. They'd have to break that (highly unlikely) regardless of what flaws were found or exploited at the server. Keep the TC key handy near each device, or in your wallet or whatever -- or perhaps a memorizable acronym or Diceware phrase, so you can keep it in your head. (And write down somewhere, just in case.)

I'm confused. KeePass already has strong encryption built in. Is TrueCrypt any stronger/better?

Not necessarily any better, but the point was that, as you agreed in the part I didn't copy here, the server's company (or a MITM, etc.) may have access at some point to your db and key. Since TC is done only on your local machine, before it hits the wire, then access to your TC key is not a factor in the safety equation. Sort of the equivalent to my keeping my encrypted db on my own machine only - you've added a method that never leaves your machine.

And having a strong password and separate key file is what I was originally suggesting, and asking for feedback on...

I'm afraid that since IDK the actual mechanics of KeePass, I wasn't quite sure what you meant, or where it would be stored. If you were talking about an additional *local* crypto layer and key, like TrueCrypt, then it's the same. If any of it is stored on their servers, then the same risks apply, I think. Sorry that I did not understand the proposal thoroughly.

If it was Password Safe we were talking about, would there be a need for TrueCrypt?

No, because PWS is not in the cloud. All I need are the usual precautions against letting anyone access *my own* machine, although they'd still not find the PWS key -- it's locked up in the head. Rubber hose, perhaps ... Shall I send you my db, and let you try to open it?

KeePass is *very* similar.

I'm sorry that IDK much about it, except that another cloud provider, LastPass IIRC, had an XSS vuln or something about a year (?) ago.

I have to copy files manually every time I make a change.

IDK anything about *nix, but surely they have the equivalent of MS-DOS batch scripts, to automate the process? That's how I do mine.

Certainly . Much more powerful than batch scripts, in fact. But when I'm dealing with 3+ computers and my USB drive, that would get to be a pain.

Can you VPN into them, SSH, whatever?

Still, IMHO two clicks on a .bat is a lot easier than dragging/dropping files on each machine, esp when a date switch auto-compares for most recently dated, so that you don't have to.

[Thrawn]

Ok, to clarify: the key file would not be in the cloud. It would be manually copied to wherever I needed it. So, someone might extract my database from DropBox, but I'm counting on them not getting my key without compromising my machine (in which case, I'm back to relying on my password).

Any thoughts on this?

[Thrawn]

Ah, I think that I see the reason for the confusion: a difference between KeePass and Password Safe.

As well as using a master password, KeePass has an extra option to generate a key file for your database. This file contains a long string of random characters, and is used to encrypt the database in conjunction with your password, giving you a composite master key of something-you-know and something-you-have. The plan in this case is to keep this key file offline, manually copying it as needed - which should happen just once, since it won't change (and I can keep it on my USB drive) - while allowing the database to go into the cloud. My thoughts are that without the key file, the database is all but unbreakable, so this should theoretically mean that I can gain the convenience of automatically syncing my database without a real risk of compromise.

Does that sound reasonable? Am I making any obvious mistakes?

PS Sorry Tom, but I think that this feature is sufficient motivation for me to stick with KeePass for now, rather than migrating to PWS.

[Tom T.]

Thanks for clarifying. I didn't get that the key file would not go to the cloud.
One last question: Is the key file itself stored in encrypted fashion? If so, I think you're good to go.
Else, as little as a lost thumb drive -- it happens -- or someone breaching this unencrypted file weakens this protection back to where it was before, AFAICT.
Am I mistaken?

No apologies! Not trying to sell you on PWS! It's just that because one of the world's best cryptographers played a hand in designing it, I think they got it right.

[Thrawn]

Thanks for clarifying. I didn't get that the key file would not go to the cloud.
One last question: Is the key file itself stored in encrypted fashion? If so, I think you're good to go.
Else, as little as a lost thumb drive -- it happens -- or someone breaching this unencrypted file weakens this protection back to where it was before, AFAICT.
Am I mistaken?

No, you're right, and it's a good point. I could try things like generating a hundred key files to obfuscate it, I suppose...but since this would still be no weaker than my current setup, I think I'm ok with the risk. In fact, if the use of DropBox means that I no longer need to keep the database itself on my usb drive, then it would still be stronger than at present, because the key and database could only be found together on my computers. An attacker would have to separately compromise my usb drive *and* DropBox to get both parts.

No apologies! Not trying to sell you on PWS! It's just that because one of the world's best cryptographers played a hand in designing it, I think they got it right.

No argument here. PWS is on my radar for the unfortunate possibility of versions of KeePass without .NET becoming obsolete...I'll never use that framework for my password database while I have any other choice.

[Tom T.]

.... PWS is on my radar for the unfortunate possibility of versions of KeePass without .NET becoming obsolete...I'll never use that framework for my password database while I have any other choice.

I don't have that framework installed at all, and I've never missed it. Given the long list of MS security updates to .NET, I'd be frightened to use that to store something as precious as a pw db. -- Agree on leaving KP if they do that, and PWS is certainly worthy of a radar blip.

Cheers!

[leyonchung]

Dropbox! Yes it is a good option to consider but it does not offer password encrypted database, I believe. Although I am not a tech savvy to answer the technicalities of this system . But my suggestion would be to choose a reliable cloud backup services option like Mozy, Carbonie and Crashplan.

Source: www(dot)cloudreviews(dot)com/blog/cloud-backup-services