
I am a long-standing KeePass user, but I find its browser integration and Android apps a bit ropey, and certainly harder work than a cloud-based solution such as Lastpass or Bitwarden. I have been trying both of those, and they are so much more convenient, but I do worry about how vulnerable they may be to attack.

I know these solutions talk of end-to-end encryption as a way of ensuring security, and I think I understand that in principle, but don't know enough about it to assess how foolproof it really is. I know they keep a copy of my password database on the cloud, but then I do that anyway by having my KeePass database file on cloud storage. Maybe the difference is that both the cloud storage password and the database password would be required to access my KP DB, but only one set of credentials would be required to access my Lastpass account (for example)? I've seen suggestions that if Lastpass (et al) were hacked, the data would be useless as it's all encrypted - is it really as straightforward as that?

The other consideration for me is that I like to maintain versioned backups of my KP DB, so not only do I have a local backup of the whole DB, but I can roll back to several versions ago if I realise there's an integrity problem with the DB. I don't know any (automated) way of doing that with Lastpass or Bitwarden (though I have only tried the free versions thus far).

I would be interested to get some views from people who are better versed in security matters than I am - at the moment I'm very tempted by the convenience of a cloud solution (with native Android app and Firefox & Chrome integration) but just can't decide if it's really a good idea (though I know millions of people have depended on them for a long time!).

p.s. have just seen something called KeeWeb which looks like some sort of KeePass-cloud hybrid, so I will be looking into that with interest!

Chas
  • I don't know what "ropey" means, but I share your concerns about cloud based password managers' security. However, my reasons come from "supply chain security" -- imagine someone doing to Bitwarden what they did to Solarwinds, and manipulate it to send the plain text to a server of their choice by subverting the existing cloud-store function. Standalone apps like KeepassXC don't have a "store to cloud" feature to subvert, so a hack is much harder. And worst case we can run them with network access disabled -- they really don't need it anyway. –  Jan 01 '21 at 12:32
  • @sitaram Thank you, that's a useful perspective. And sorry for the obscure bit of language (en-GB)... https://www.collinsdictionary.com/dictionary/english/ropey – Chas Jan 02 '21 at 20:11
  • thanks... I should have looked it up. I knew "dodgy", but this was new to me :) –  Jan 09 '21 at 05:16

1 Answer


One possible problem with online password managers is that your adversary could guess passwords to the password manager from anywhere in the world, while you need to have physical access to brute force on a local password manager. Also, if the KeePass DB is in cloud storage, the adversary needs to get the password to the cloud storage.

Heng Ye
  • I'm pretty sure cloud-based password managers implement some sort of rate limiting, so you shouldn't be able to bruteforce it from anywhere in the world, unless you hack into the service to obtain a copy of the password databases. – nobody Dec 28 '20 at 17:52
  • 2
    However, if you have a bad password or reused password for your password manager, it's easier to hack cloud based than local – Heng Ye Dec 28 '20 at 18:07
  • @HengYe what do you base that assumption on? Do you think that the average user is better at securing (patching, mitigating phishing attacks etc.) their endpoints than an online password manager (cloud service)? I'm not pro one or the other, but I think your comment lacks depth. Multiple modern online password managers enable the use of multifactor authentication, strict access control etc. I would propose to you to read up on the 1Password security model as a good example - https://1password.com/files/1Password-White-Paper.pdf – Kristian Bodeholt Dec 28 '20 at 18:21
  • @KristianBodeholt Yes, users should enable multi-factor authentication to make it more secure, but I don't think that's by default. – Heng Ye Dec 28 '20 at 20:08
  • @KristianBodeholt For example, if you're using password123 as your KeePassXC password, the adversary also needs the database file, while in a remote password manager they just need username and password. – Heng Ye Dec 28 '20 at 20:09
  • Thanks all for the responses and discussion. I hadn't realised until now that the KeePass fork KeePassXC has its own browser extension, so I'm trying that out to see if that plus Keepass2Android on mobile might be the best compromise, without going down the 'full cloud' route. – Chas Dec 29 '20 at 17:05
  • Disclosure: I work for 1Password. With 1Password you have a high entropy secret that you store client side that gets combined with your master password client side. This makes the data we store uncrackable. – Jeffrey Goldberg Dec 30 '20 at 01:36
  • @JeffreyGoldberg Does "Uncrackable" include brute forcing? It may be possible that you don't have hashes or encryption keys, but an attacker can exploit social engineering or password reuse to get the password from the target, then they can log in...in KeePassXC, even if the attacker knows the KeePassXC password, they still can't get in unless they get access to the storage medium of the database. – Heng Ye Dec 30 '20 at 18:36
  • @HengYe, your master password is combined with a 128 bit thing we call your Secret Key. This is all done client side. So yes, data captured from 1Password servers is uncrackable. Take a look at the 1Password documentation for more detail. An attacker who gets your data from your own system will get the Secret Key. So you still need a strong master password. – Jeffrey Goldberg Jan 01 '21 at 00:40
  • @JeffreyGoldberg So it's "uncrackable" by today's standards that is...from what I've seen about the "secret key", it's just another password concatenated with the master password, right? – Heng Ye Jan 01 '21 at 18:04
  • @HengYe, it’s not exactly concatenated, but you can think of it as such for these purposes. 128 bits is in the “trillions of times the age of the universe using every computer on Earth uncrackable” category. – Jeffrey Goldberg Jan 01 '21 at 18:42
  • @JeffreyGoldberg I know this may be getting extreme, but what if someone comes up with a mathematical breakthrough? How would you re-encrypt with another algorithm? – Heng Ye Jan 01 '21 at 18:58
  • That is no longer a question about cracking master passwords. All decent password managers use the same algorithms that are used to secure pretty much everything else. So if those could be broken then the attacker wouldn't need to go after your 1Password data. They would just rob banks directly. – Jeffrey Goldberg Jan 02 '21 at 03:08
  • @JeffreyGoldberg still I would not like to use a proprietary password manager that I can't have my team audit...who knows what's behind the servers – Heng Ye Jan 02 '21 at 14:00
  • However @JeffreyGoldberg from a more reasonable point of view, even if I assume that 1password etc are using all correct encryption technology, it's more an issue of where the burden lies...when using KeePassXC, you have full control over the database file, but with that comes more responsibility of storing the DB, avoiding phishing etc, while when using cloud managers the burden is left to the provider which may be a good or bad thing considering paranoia level and sensitivity of data. – Heng Ye Jan 03 '21 at 01:22
  • @HengYe, I’m not trying to talk you out of your preferred password manager. I’ve just been answering rather specific questions. – Jeffrey Goldberg Jan 03 '21 at 04:22
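The three threat cases argued over in this thread (the question's "one set of credentials vs two", the answer's offline-versus-online guessing, and the Secret Key discussion in the comments) modelled as an added example. This is not code from the thread, from KeePass/KeePassXC, or from any vendor. It assumes PBKDF2 for key derivation with a deliberately low iteration count so it runs quickly, a plain concatenation for mixing in the device-held secret (the comments say 1Password's mixing is "not exactly" that), and a constructed four-word wordlist; the vault "blob" is just a salt plus a key-check tag, which is all an offline cracker needs to test a guess.

```python
"""Model: what does an attacker need, and how many guesses do they get?"""
import hashlib
import hmac
import os
import secrets

KDF_ITERATIONS = 2_000   # assumption: kept low for the demo; real vaults use far more
SECRET_KEY_BITS = 128    # size of the device-held secret discussed in the comments
WORDLIST = ["letmein", "qwerty", "password123", "hunter2"]  # constructed sample


def derive_key(master_password: str, salt: bytes, secret_key: bytes = b"") -> bytes:
    """Client-side key derivation. secret_key=b"" models a vault protected only by
    the master password; a 16-byte secret_key models the 'Secret Key' scheme.
    Assumption: the two inputs are simply concatenated."""
    ikm = master_password.encode() + secret_key
    return hashlib.pbkdf2_hmac("sha256", ikm, salt, KDF_ITERATIONS, dklen=32)


def make_vault_blob(master_password: str, secret_key: bytes = b"") -> dict:
    """What the cloud provider (or the cloud-storage copy of a KeePass file) holds:
    a salt and a tag that lets a guessed key be checked. No secret key is stored."""
    salt = os.urandom(16)
    key = derive_key(master_password, salt, secret_key)
    tag = hmac.new(key, b"vault-key-check", "sha256").digest()
    return {"salt": salt, "tag": tag}


def check_guess(blob: dict, password: str, secret_key: bytes = b"") -> bool:
    key = derive_key(password, blob["salt"], secret_key)
    tag = hmac.new(key, b"vault-key-check", "sha256").digest()
    return hmac.compare_digest(tag, blob["tag"])


def dictionary_attack(blob: dict, wordlist, secret_key: bytes = b""):
    """Offline attack: attacker has stolen the blob (no rate limit applies).
    For a local KeePass DB this step is impossible without first getting the file."""
    for word in wordlist:
        if check_guess(blob, word, secret_key):
            return word
    return None


class LockedOut(Exception):
    pass


class RateLimitedLogin:
    """Online attack surface: reachable from anywhere, but the provider counts guesses."""
    def __init__(self, blob: dict, max_attempts: int):
        self.blob, self.max_attempts, self.attempts = blob, max_attempts, 0

    def login(self, password: str) -> bool:
        if self.attempts >= self.max_attempts:
            raise LockedOut
        self.attempts += 1
        return check_guess(self.blob, password)


def online_attack(login: RateLimitedLogin, wordlist):
    """Returns (cracked_password_or_None, guesses_used)."""
    for word in wordlist:
        try:
            if login.login(word):
                return word, login.attempts
        except LockedOut:
            return None, login.attempts
    return None, login.attempts


def years_to_brute_force_secret(guesses_per_second: float, bits: int = SECRET_KEY_BITS) -> float:
    """Expected wall-clock years to exhaust a random `bits`-bit secret."""
    return (2 ** bits / guesses_per_second) / (365.25 * 86400)


def run_scenarios(weak_password: str = "password123") -> dict:
    # 1. Cloud vault, master password only, blob stolen from the provider.
    blob_pw_only = make_vault_blob(weak_password)
    # 2. Same weak password, but a random 128-bit Secret Key mixed in client side.
    secret_key = secrets.token_bytes(SECRET_KEY_BITS // 8)
    blob_with_sk = make_vault_blob(weak_password, secret_key)
    # 3. Online guessing against the login endpoint, which locks after two tries.
    online = RateLimitedLogin(blob_pw_only, max_attempts=2)
    cracked_online, used = online_attack(online, WORDLIST)
    return {
        "cloud_pw_only_cracked": dictionary_attack(blob_pw_only, WORDLIST),
        "cloud_sk_cracked_without_key": dictionary_attack(blob_with_sk, WORDLIST),
        "cloud_sk_cracked_with_key": dictionary_attack(blob_with_sk, WORDLIST, secret_key),
        "online_cracked": cracked_online,
        "online_guesses_used": used,
    }


if __name__ == "__main__":
    for name, value in run_scenarios().items():
        print(f"{name}: {value}")
    print(f"128-bit secret at 1e12 guesses/s: {years_to_brute_force_secret(1e12):.2e} years")
```

The four outcomes line up with the thread: a weak master password alone falls to an offline dictionary run once the provider's copy leaks; mixing in a device-held secret defeats that same run unless the attacker also took the secret from your endpoint, in which case only the master password's strength is left; and the online endpoint, while reachable by anyone, hands out only as many guesses as its rate limit allows. Swapping in a real KDF cost, a real AEAD for the vault body, and the vendor's actual mixing function changes the numbers, not the shape of the result.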