Is it insecure to upload Keepass database to Google Drive, Dropbox or any other file service in the cloud?
I’ve read this answer in Security Stackexchange: https://security.stackexchange.com/a/45337
So, I feel kinda confident if I put a big number of PBKDF2 iterations, like 10,000,000, it should be OK.
My master password is based on diceware, but it is not very, very long because I need to remember it.
What do you people think about this?
I use KeePass and keep my database in the cloud. I use a key file that is never stored in the cloud in addition to my master password. You get a cloud backup of your database, and updates will sync to your devices if your cloud provider has a client that does that.
I actually don’t sync it directly to my phone. I download a copy as needed. I also don’t add passwords on my phone to my main database. I use a separate database for logins I create on my phone and import them once in a while on my PC. This is because Google Drive’s sync on Android has been unreliable for me, though I haven’t tried again in years.
I use KeePass DX on Android because it has a nice virtual keyboard so you don’t have to use the clipboard, which is insecure. It also has a better UI with fingerprint unlocking.
I thought the better KDF was Argon2d because it’s stronger against GPU attacks.
Syncthing solves this problem for me without my keyring being exposed to any outside servers.