KeePass pasword vault

**ninja|oaklandr** · 07-05-13, 01:21 AM

I can't remember why, but I chose mSecure awhile back. There was something with Keypass I didn't like. I just can't remember. Maybe it was the customization.

Either was mSecure works for me. I have the database stored in my dropbox and use it with my Android.

**WileECyte** · 07-05-13, 02:46 PM

Putting ANYTHING like a password database on dropbox is just plain stupid. Dropbox has had more security issues in the last few years than you can shake a stick at. They suck at security and I wouldn't ever trust them with anything I valued, especially not a database (encrypted or not) containing all my passwords.

**hannibal** · 07-05-13, 03:17 PM

Originally Posted by WileECyte

Putting ANYTHING like a password database on dropbox is just plain stupid. Dropbox has had more security issues in the last few years than you can shake a stick at. They suck at security and I wouldn't ever trust them with anything I valued, especially not a database (encrypted or not) containing all my passwords.

Idk, I think it depends on your level of paranoia. If you don't want anyone to be able to find your passwords then by all means. However my goal is 99% security, I want someone to be targeting me using custom algorithms on big iron in order to break into my accounts. Honestly I don't think I have pissed off anyone that much. A multi-factor Keepass database on Dropbox could only be cracked by someone truly dedicated not a script kiddie or wannabe.

-H

Sent from my Transformer TF101 using Tapatalk 4 Beta

**WileECyte** · 07-05-13, 03:22 PM

Originally Posted by hannibal

Idk, I think it depends on your level of paranoia. If you don't want anyone to be able to find your passwords then by all means. However my goal is 99% security, I want someone to be targeting me using custom algorithms on big iron in order to break into my accounts. Honestly I don't think I have pissed off anyone that much. A multi-factor Keepass database on Dropbox could only be cracked by someone truly dedicated not a script kiddie or wannabe.

-H

Sent from my Transformer TF101 using Tapatalk 4 Beta

Hacking is big business now a days. You'd be surprised what they'll pay for account credentials... If a widespread hack happened on Dropbox (as has happened previously) then the very people you refer to could very well get ahold of your keepass database and crack into it. They can sell accounts at e-retailers, social networking sites, e-mail sites, etc for big money.

**hannibal** · 07-05-13, 03:25 PM

Obligatory XKCD:

-H

**hannibal** · 07-05-13, 03:31 PM

Originally Posted by WileECyte

Hacking is big business now a days. You'd be surprised what they'll pay for account credentials... If a widespread hack happened on Dropbox (as has happened previously) then the very people you refer to could very well get ahold of your keepass database and crack into it. They can sell accounts at e-retailers, social networking sites, e-mail sites, etc for big money.

In the case of a massive hack they are looking for low hanging fruit, my passwords are not nearly as valuable as you imply. Certainly not worth the processing power it would take to crack the database. Key recovery is a computationally expensive business, not beyond the capability of a dedicated party, but requiring sufficient effort that most criminals will not engage in it for one persons set of passwords, unless they are much more important than myself.

-H

**hannibal** · 07-05-13, 03:45 PM

Something interesting to read is the security features to Keypass:

Security - KeePass

256 bit AES is almost impossible to brute force (with current hardware). I would doubt that any criminal organization is going to break 256bit AES and use it on my passwords since it would be worth a lot more to sell that crack on its own.

-H

**WileECyte** · 07-05-13, 03:57 PM

Originally Posted by hannibal

Something interesting to read is the security features to Keypass:

Security - KeePass

256 bit AES is almost impossible to brute force (with current hardware). I would doubt that any criminal organization is going to break 256bit AES and use it on my passwords since it would be worth a lot more to sell that crack on its own.

-H

I wouldn't trust anything, encrypted or not, to DropBox. They have zero clue about security. I'd just as soon use Google Drive than Dropbox anyday, and I don't really trust Google either. Personally, I use Password Safe (originally developed by Bruce Schneier) and keep a copy of my safe on my phone's internal storage. I sync it up every so often with the copy I have on my home PC. I'd much rather have full control over all the places my password databases are stored.

**Partyball** · 07-05-13, 04:42 PM

Originally Posted by hannibal

In the case of a massive hack they are looking for low hanging fruit, my passwords are not nearly as valuable as you imply. Certainly not worth the processing power it would take to crack the database. Key recovery is a computationally expensive business, not beyond the capability of a dedicated party, but requiring sufficient effort that most criminals will not engage in it for one persons set of passwords, unless they are much more important than myself.

-H

Sounds like a challenge to me.

**Partyball** · 07-05-13, 04:44 PM

Originally Posted by hannibal

Something interesting to read is the security features to Keypass:

Security - KeePass

256 bit AES is almost impossible to brute force (with current hardware). I would doubt that any criminal organization is going to break 256bit AES and use it on my passwords since it would be worth a lot more to sell that crack on its own.

-H

True but not too many people spend the time to brute force anymore. There are better ways to get the info you need faster.