Bitcoin Forum
December 06, 2016, 04:15:29 PM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: How safe is it to store a KeePassX file on dropbox?  (Read 3975 times)
elements
Full Member
***
Offline Offline

Activity: 182


View Profile
August 26, 2011, 05:02:02 PM
 #1

Hi Guys (and gals),

since my almost brandnew mac crashed (with my non backuped keepassx-files)
I was wondering how safe it is in your opinion to store such a file in dropbox.

(not using a keyfile but only using a master key word)?

Any ideas?

»A common mistake that people make when trying to design something completely foolproof was to underestimate the ingenuity of complete fools.« - Douglas Adams
Use the trusted German Bitcoin exchange: https://www.bitcoin.de/de/r/5wcwts
Tips & donations: BTC : 1MAQYNLp2VJ9wWhPYg5BnrbUGzdhGXopZw | CGB: 5bgQivyHJcSWTgvLfVW87Zj23M7mcFCVBF
1481040929
Hero Member
*
Offline Offline

Posts: 1481040929

View Profile Personal Message (Offline)

Ignore
1481040929
Reply with quote  #2

1481040929
Report to moderator
1481040929
Hero Member
*
Offline Offline

Posts: 1481040929

View Profile Personal Message (Offline)

Ignore
1481040929
Reply with quote  #2

1481040929
Report to moderator
1481040929
Hero Member
*
Offline Offline

Posts: 1481040929

View Profile Personal Message (Offline)

Ignore
1481040929
Reply with quote  #2

1481040929
Report to moderator
Bitcoin mining is now a specialized and very risky industry, just like gold mining. Amateur miners are unlikely to make much money, and may even lose money. Bitcoin is much more than just mining, though!
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481040929
Hero Member
*
Offline Offline

Posts: 1481040929

View Profile Personal Message (Offline)

Ignore
1481040929
Reply with quote  #2

1481040929
Report to moderator
1481040929
Hero Member
*
Offline Offline

Posts: 1481040929

View Profile Personal Message (Offline)

Ignore
1481040929
Reply with quote  #2

1481040929
Report to moderator
Saturn7
Full Member
***
Offline Offline

Activity: 146



View Profile
August 26, 2011, 05:11:45 PM
 #2

I personally assume that anything I put on dropbox isn't 100% safe.
It's just a matter of time until somebody figures out a weakness in the system even if its temporary.

First there was Fire, then Electricity, and now Bitcoins Wink
elements
Full Member
***
Offline Offline

Activity: 182


View Profile
August 26, 2011, 05:47:45 PM
 #3

I personally assume that anything I put on dropbox isn't 100% safe.
It's just a matter of time until somebody figures out a weakness in the system even if its temporary.

I don't assume Dropbox to be secure at all. Just a few hours after the Goxed-incident dropbox let their guard down for full two hours. I consider Dropbox to be extremley UNsafe.

What I meant was how secure you guys think the encryption of the keepassx database is?
(using an extra safe master-password of course)


»A common mistake that people make when trying to design something completely foolproof was to underestimate the ingenuity of complete fools.« - Douglas Adams
Use the trusted German Bitcoin exchange: https://www.bitcoin.de/de/r/5wcwts
Tips & donations: BTC : 1MAQYNLp2VJ9wWhPYg5BnrbUGzdhGXopZw | CGB: 5bgQivyHJcSWTgvLfVW87Zj23M7mcFCVBF
kwukduck
Legendary
*
Offline Offline

Activity: 1564


View Profile
August 26, 2011, 06:14:33 PM
 #4

Afaik they use AES-256 standard so it should be safe for a while, maybe there's a bug in the implementation though... check the source if you don't trust it.

14b8PdeWLqK3yi3PrNHMmCvSmvDEKEBh3E
defxor
Hero Member
*****
Offline Offline

Activity: 530


View Profile
August 26, 2011, 06:17:25 PM
 #5

Use http://lastpass.com for passwords and http://wuala.com for files. Both encrypt client-side and are thus provably secure.

Dropbox is a joke.
FlipPro
Legendary
*
Offline Offline

Activity: 1372



View Profile WWW
August 26, 2011, 06:45:52 PM
 #6

Just keep your damn coins stored offline in a USB. What is so hard about that?

Tweet For Coins http://uptweet.com
elements
Full Member
***
Offline Offline

Activity: 182


View Profile
August 26, 2011, 07:25:45 PM
 #7

Use http://lastpass.com for passwords and http://wuala.com for files. Both encrypt client-side and are thus provably secure.

Dropbox is a joke.


Thanks for the Wuala tip. but lastpass...? I don't know.

http://downloadsquad.switched.com/2011/02/27/lastpass-xss-vulnerability-found-website-and-browser-add-ons-af/2


So, back to the question. How secure is the encryption of a keepass password database?

»A common mistake that people make when trying to design something completely foolproof was to underestimate the ingenuity of complete fools.« - Douglas Adams
Use the trusted German Bitcoin exchange: https://www.bitcoin.de/de/r/5wcwts
Tips & donations: BTC : 1MAQYNLp2VJ9wWhPYg5BnrbUGzdhGXopZw | CGB: 5bgQivyHJcSWTgvLfVW87Zj23M7mcFCVBF
Gabi
Legendary
*
Offline Offline

Activity: 1050


View Profile
August 26, 2011, 07:36:45 PM
 #8

Just keep your damn coins stored offline in a USB. What is so hard about that?
Nice, so if the usb die, you lose everything.

An encrypted file is SAFE if you encrypt it in the right way and use a good password.

Then you can upload it everywhere, dropbox, email, skydrive or whatelse and then you won't lose it.

KeePass encrypted file should be safe if you use a good password, that's the whole point of keepass after all, having an encrypted database. So you should be safe putting it on dropbox, even if someone steal it they won't be able to decrypt it
defxor
Hero Member
*****
Offline Offline

Activity: 530


View Profile
August 26, 2011, 07:38:38 PM
 #9


That article is positive, not negative, for LastPass Wink Quick architecture explanation: They don't store your passwords. They don't have your passwords.

elements
Full Member
***
Offline Offline

Activity: 182


View Profile
August 26, 2011, 07:48:40 PM
 #10

how is this positive:

Beyond being susceptible to XSS attacks, LastPass doesn't even use HSTS, which means that man-in-the-middle (MITM) attacks are also rather easy to pull off.

It's very hard for us to recommend LastPass as a password manager when further vulnerabilities will almost certainly be found. For the time being, you should check out KeePass, an offline password manager that, for now, is a lot more secure than LastPass.

»A common mistake that people make when trying to design something completely foolproof was to underestimate the ingenuity of complete fools.« - Douglas Adams
Use the trusted German Bitcoin exchange: https://www.bitcoin.de/de/r/5wcwts
Tips & donations: BTC : 1MAQYNLp2VJ9wWhPYg5BnrbUGzdhGXopZw | CGB: 5bgQivyHJcSWTgvLfVW87Zj23M7mcFCVBF
FlipPro
Legendary
*
Offline Offline

Activity: 1372



View Profile WWW
August 26, 2011, 08:00:52 PM
 #11

Just keep your damn coins stored offline in a USB. What is so hard about that?
Nice, so if the usb die, you lose everything.

An encrypted file is SAFE if you encrypt it in the right way and use a good password.

Then you can upload it everywhere, dropbox, email, skydrive or whatelse and then you won't lose it.

KeePass encrypted file should be safe if you use a good password, that's the whole point of keepass after all, having an encrypted database. So you should be safe putting it on dropbox, even if someone steal it they won't be able to decrypt it
You can save it to 2 different USB'S if you are superstitious about it breaking. Sure good encryption is important, but you are only setting yourself up for failure when you are putting your money in the hands of other people...

Just my honest opinion...

Tweet For Coins http://uptweet.com
defxor
Hero Member
*****
Offline Offline

Activity: 530


View Profile
August 26, 2011, 08:05:01 PM
 #12

how is this positive:

Beyond being susceptible to XSS attacks, LastPass doesn't even use HSTS, which means that man-in-the-middle (MITM) attacks are also rather easy to pull off.

It's very hard for us to recommend LastPass as a password manager when further vulnerabilities will almost certainly be found. For the time being, you should check out KeePass, an offline password manager that, for now, is a lot more secure than LastPass.

Sorry, I kind of assume that people read the whole articles.

Quote
Update: LastPass has now implemented HSTS and a few other features to make their website and browser add-ons a lot harder to attack in the future. Hooray!

... which is still irrelevant, since the attack would not compromise your passwords. Read up on the LastPass security model, a lot of security researchers have already. The article author isn't one Smiley
Gabi
Legendary
*
Offline Offline

Activity: 1050


View Profile
August 26, 2011, 08:17:07 PM
 #13

Just keep your damn coins stored offline in a USB. What is so hard about that?
Nice, so if the usb die, you lose everything.

An encrypted file is SAFE if you encrypt it in the right way and use a good password.

Then you can upload it everywhere, dropbox, email, skydrive or whatelse and then you won't lose it.

KeePass encrypted file should be safe if you use a good password, that's the whole point of keepass after all, having an encrypted database. So you should be safe putting it on dropbox, even if someone steal it they won't be able to decrypt it
You can save it to 2 different USB'S if you are superstitious about it breaking. Sure good encryption is important, but you are only setting yourself up for failure when you are putting your money in the hands of other people...

Just my honest opinion...
Good encryption+good password=other people have an useless file
Exonumia
Full Member
***
Offline Offline

Activity: 190



View Profile
August 26, 2011, 11:17:17 PM
 #14

since my almost brandnew mac crashed (with my non backuped keepassx-files)
I was wondering how safe it is in your opinion to store such a file in dropbox.

Well... I am not sure that the KeePassX author follows the same implementation as the KeePass authors... if he does then it should be rather secure (assuming a hard to guess and long keyphrase).

http://keepass.info/help/base/security.html

I maintain my main KeePass on a windows machine (using the 2.0 database style) then I export out a 1.x database style to use with my mac (and KeePassX). You *can* run KeePass (the actual .net application) on mac with mono... but it is not as elegant as KeePassX in normal usage.

If you are really worried you can always store the KeePassX data base in an encrypted image, then store that image on dropbox!

http://support.apple.com/kb/ht1578

tnkflx
Sr. Member
****
Offline Offline

Activity: 346


View Profile
August 28, 2011, 10:34:28 AM
 #15

I actually switched from Dropbox to  https://spideroak.com/ when the multiple security issues with Dropbox came to light.

| Operating electrum.be & us.electrum.be |
ctoon6
Sr. Member
****
Offline Offline

Activity: 350



View Profile
August 28, 2011, 04:14:36 PM
 #16

as far as security goes, dropbox is a joke, one time for like an hour, you could literally log on to the website without a password. not only that, but your files are not really "encrypted" so you only can access them. the dropbox staff is able to access them, if there were really secure, that would not be possible.

Gabi
Legendary
*
Offline Offline

Activity: 1050


View Profile
August 28, 2011, 04:25:50 PM
 #17

When you put something online, expect everyone accessing it, especially if you put online your wallet! That's why if you put online something you MUST encrypt it.

So incase dropbox is hacked or there is a bug or whatelse, the hackers just get an encrypted file.
defxor
Hero Member
*****
Offline Offline

Activity: 530


View Profile
August 28, 2011, 04:38:36 PM
 #18

When you put something online, expect everyone accessing it, especially if you put online your wallet! That's why if you put online something you MUST encrypt it.

Just to reiterate though; Wuala and LastPass use client side encryption. It's the same as if you first encrypt your files manually and then put them on Dropbox. You just skip the manual part of it.


Gabi
Legendary
*
Offline Offline

Activity: 1050


View Profile
August 28, 2011, 04:40:18 PM
 #19

Yes you are right. But i was speaking in general, in case someone decide to put the wallet.dat in dropbox
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!