
Does it defeat the purpose of a key file to store it in the same location as the password database? What if a master password is needed also?

For example I save my .kdbx to dropbox as a means to backup and was wondering if I could save the key file too, but then if the dropbox account is compromised they would have both. Does it make sense to have both the key file and .kdbx locally on the same computer, or is this the same as having them both on dropbox?

Celeritas
  • FWIW I keep the .kdb on the same machine as the keyfile. .kdb is 600 [permissions](http://unix.stackexchange.com/questions/183994/understanding-unix-permissions-and-their-attributes), keyfile is 400. Both are backed up regularly to a remote server under incrementing names to be able to restore from multiple points in history. From what I understand, my main risk is compromise of my local machine's user account, which would lead to compromise of both files. Even if the keyfile was stored remotely, if your local account is compromised I think it would have the same security implications. – cremefraiche Feb 07 '16 at 01:43
  • @cremefraiche - see my answer - you may want to reconsider that decision. You seem to be going against KeePass's strongly documented recommendations. – Neil Smithline Feb 07 '16 at 18:33

1 Answer

I think the answer is best summarized by this quote from the Another Backup Plugin for KeePass FAQ:

Q: Should I back up my key file the same way I back up my password database?

Short answer: No, no, no! (What part of this answer don't you understand?)

The KeePass documentation also states:

Do not backup the key file to the same location as the database

And later goes into more detail:

Location. The point of a key file is that you have something to authenticate with (in contrast to master passwords, where you know something), for example a file on a USB stick. The key file content (i.e. the key data contained within the key file) needs to be kept secret. The point is not to keep the location of the key file secret – selecting a file out of thousands existing on your hard disk basically doesn't increase security at all, because it's very easy for malware/attackers to find out the correct file

While it may feel comforting to think of all your passwords being encrypted and hence secure, storing the key file with the database really adds little to no security. So using just a key file that is near the database is no security and using both a key file that is near the database and master password is the same amount of security as just using a master password.

The FAQ has further discussion of this if you wish to investigate further.

Neil Smithline
  • Since you clipped half of the answer on the FAQ, I will provide it here. "**Q: Should I back up my key file the same way I back up my password database?** .... But the secrecy of your Internet passwords relies entirely on the secrecy of your key file and/or master password. If your key file – or even a backup copy of your key file – is stored where others can access it, the secrecy of your Internet passwords is compromised. The entire advantage of a key file is lost if it is not kept secret from others." This is it. This is the big reason they give to not backup to the same location. – cremefraiche Feb 07 '16 at 22:02
  • I'm not saying this is the only reason, but it's the only reason they give, and it is non-consequential to my backup environment. Are there other reasons somewhere I am missing? – cremefraiche Feb 07 '16 at 22:02
  • Furthermore, in your own words, you only reference _storing_ the keyfile and DB in the same location, not _backing up_. Was this a typo or are you considering this to be the same thing? – cremefraiche Feb 07 '16 at 22:10
  • @cremefraiche - I'm not sure I exactly follow your point. – Neil Smithline Feb 07 '16 at 23:04
  • The main thing I'm pointing out is that seemingly the only reason KeePass says to not backup the keyfile and DB to the same location is that others may access it (as stated in the FAQ). This is a non-issue in my, and likely many, implementations. Secrecy of my key file is not lost when being backed up to a private server. – cremefraiche Feb 07 '16 at 23:29
  • The FAQ is for a backup tool so it only discusses backups. But the KP manual says that you should keep the file on a USB and not just try to hide it on the disk. I think you are going even one step less and not even trying to hide it. – Neil Smithline Feb 07 '16 at 23:34
  • That is correct, I am not trying to _hide_ my keyfile because I am on a single user computer, and if my account is compromised, I must assume all files I have permission to read are compromised as well. I understand no technical reason to control access to my keyfile with anything other than owner:owner read only permissions. Am I foolishly wrong? – cremefraiche Feb 07 '16 at 23:41
  • @cremefraiche - I think what you are doing is little better than clear-text. Any application that gets access to your disk at any time has access to your passwords. This is why the KeePass manual says that the point of the key file authentication mechanism is to use it as a something-you-have factor. If you keep the key file on a USB stick, even if you have it inserted in the computer whenever you are using it, it will still not be accessible most of the time. So a remote attack won't get access to the key file unless you're online. Now using both a key file and a master password gives you 2FA – Neil Smithline Feb 07 '16 at 23:56
  • Yup, I was foolish. I was not thinking about possible vulnerabilities in applications run under my user. I should keep my keyfile on external media. It seems this does not affect backing up both keyfile and DB to a private server however, if that server is specifically hardened for backup storage. – cremefraiche Feb 08 '16 at 00:26