Some questions for /g/ to answer:
>how do you manage your DB so that it never gets lost or corrupted?
>how do you prevent people from ever seeing your DB to begin with so they can't just download it and try to get into it as many times as they want?
>how did you come up with a good master password for your DB?
>what KeePass-compatible applications do you use to manage your DB?
>do you harden your DB with any other precautions such as a key file?
dumb
>>54284406
we know you are
>>54284364
>how do you manage your DB so that it never gets lost or corrupted?
Backups. I'm looking for cloud solutions right now but I don't know which company to trust, regardless of 256 bit encryption, given the lack of knowledge I don't feel competent enough / have enough money to host a owncloud server.
>how do you prevent people from ever seeing your DB to begin with so they can't just download it and try to get into it as many times as they want?
No idea
>how did you come up with a good master password for your DB?
pic related + additional special characters
>what KeePass-compatible applications do you use to manage your DB?
KeePass2, Keepass2Android
>do you harden your DB with any other precautions such as a key file?
Yes, on my flash drive
>>54284476
>I'm looking for cloud solutions right now but I don't know which company to trust,
The ones with open source software and no business in mining your data.
1.DB is stored primarily on my home server, but I also have copies on several other devices.
2.I don't, but if someone is that determined they deserve it tbqh
3.Combination of numbers and different languages
4. CKP on Chrome, Keefox on firefox and keepass on iOS.
5.Yes, I use a keyfile and never put it on any server.
>how do you prevent people from ever seeing your DB to begin with so they can't just download it and try to get into it as many times as they want?
I use a 22-character password, my only concern is myself typing it in an infected system, not other people getting their hands on the .kdb.
>>54284494
So no options outside of ownCloud?
>>54284494
Or just use OwnCloud...
>>54284476
>Yes, on my flash drive
How do you use that with your phone? you don't only require one auth method, do you?
also, do you carry your keychain everywhere? or what?
>>54284558
spideroak apparently is, although it isn't free to use.
>>54284590
Compartmentalization is key. You shouldn't have secure emails on your phone. Everything that requires more than a diceware password belongs only on a Qubes setup.
>>54284590
http://www.amazon.com/Samsung-Flash-Drive-MUF-64CB-AM/dp/B013UHK0TK/
I mean I need my key chain every time I leave my house, so yes.
>>54284558
There's Syncthing. Seafile is an open source self-hosted software if you have a server. Or any privacy conscious email provider that also provides a bit of storage like Ghostmail.
>>54284652
I just want to point out that an OTG cable does the same for anyone else considering this.
>>54284364
>how did you come up with a good master password for your DB?
Used a long sentence that describes something about me not many people know.
>>54284822
you've already said far too much about your password
use your brain faggots.
>>54284605
As a Spider oak user, I don't recommend it. It's great in regards to security, but their file manager is clunky as SHIT. Also, mobile app can't write into shared folder, only read.
The other free end to end encryption solutions would be Mega, which is not trustworthy due to the takeover, and sync.com. I've been using the latter for a few days and it has been pure bliss.
>>54284853
On 4chan
>>54284929
which is still forever, tied to an IP near your home address at this moment in time.
>>54284887
Yes I love memorizing all different combinations of passwords in my head for many different shitty sites because think they're helping
Especially the sites that force you to use a specific character as the first character in a password
>>54284954
Sitting at work :^) All traffic goes through an internal proxy.
I'm using pwgen and pass:
https://www.passwordstore.org/
with gpg integration.
>>54284891
>sync.com
looks nice. No Wikipedia page, though, and I've never heard of it, so it's still sketchy as hell in my mind.
I'll keep an eye on it.
>>54284364
>how do you manage your DB so that it never gets lost or corrupted?
all my devices sync the DB with an USB drive connected to the router. to ensure that the DB doesnt get destroyed the desktop mirrors it to a USB drive while the laptop mirrors it to a microsd
>how do you prevent people from ever seeing your DB to begin with so they can't just download it and try to get into it as many times as they want?
the hardware is only used by me and brain.exe is enough to avoid infection with a trojan if you have no Java and Flash installed.
>how did you come up with a good master password for your DB?
I simply combined 3 old passwords I used since I was a kid.
>what KeePass-compatible applications do you use to manage your DB?
nothing besides KeePass itself.
>do you harden your DB with any other precautions such as a key file?
no. I would simply leave the device with the key file connected to the computer all the time so why bother in the first place?
>>54284970
which has a digital record of your employment, as well as logs of your activity. It also has to comply with warrants.
>>54284972
This
>>54284964
its not really hard
>>54284997
>has to comply with warrants
We are still talking about keepass, right?
>>54285073
we're talking about pathways to weaken encryption. We're talking about forever.
>>54284822
>Used a long sentence that describes something about me not many people know.
It's best not to have your password describe something anybody knows about you. It should be something you know that isn't something somebody can guess from knowing you.
>>54285178
It's still a long sentence. Nothing like "I am x" or "My name is y"
>>54285246
still, that's not what you should do
I store the db in the cloud and keep a key file offline on every device I want to use it with.
My password is a really long phrase, easy to remember hard to guess.
>>54285178
I recommend writing a poem, and memorising it. Make the only copy of the poem exist in your head.
Then use a line from it as a password.
Passphrases are the new hotness.
>>54284974
It provides 5GB free storage with no expiration.
Also resides in a fucking leaf.
>>54286419
>>>54284974
>It provides 5GB free storage with no expiration.
Until the company goes bust and sells all the data to Russian blacksites
>>54284476
>cloud services
Backblaze is reputable. They even have private key authentication.
>>54286230
>I store the db in the cloud and keep a key file offline on every device I want to use it with.
>My password is a really long phrase, easy to remember hard to guess.
If its easy to remember it shouldn't be hard breaking it.
What about Lastpass as an alternative?
>>54286799
botnet
>>54286595
Even if someone somehow gains access to my db and manages to guess my password, he would still need physical access to my devices to get the key files.
At that point it would be gameover for me anyway.
>>54288089
I would be afraid to lose the key file
>>54286560
>Backblaze is reputable.
no
>>54284476
Jesus Christ if I'll see that comic one more time I'll kill myself.
>muh bits of entropy
>what is a dictionary attack
Fucking Randall, stick to the fucking physics trivia you ignorant nigger
>>54291141
You're retarded. That comic is fine and already takes dictionary attacks into account.
I am pretty close to making my own DB. I have previously read good things about KeePassX. What advantages does KeePass have over KeePassX?
>trusting some Jew startup with your passwords
Hahahaha newbs.
>>54291398
Just use pass
>>54293031
Why exactly?
>>54293073
Because it's better than KeePass or any other similar manager, and you keep your own gpg encrypted DB.
https://www.passwordstore.org/
>>54291141
do you even know what entropy is son
>how do you manage your DB so that it never gets lost or corrupted?
Backups on my vps, encrypted 7z mirror on Google drive, and every few weeks I copy it to both a cd and floppy
>how do you prevent people from ever seeing your DB to begin with so they can't just download it and try to get into it as many times as they want?
Whatever ownCloud uses
>how did you come up with a good master password for your DB?
:^)
>what KeePass-compatible applications do you use to manage your DB?
Keepassx2 on linux, KeePassDroid on android
>do you harden your DB with any other precautions such as a key file?
Yes
I keep my passwords on an HP 200LX, nobody's stealing them.
>>54284364
- I tried SpiderOak and it was slow and cumbersome. I would recommend cyphertite now. Good pedigree on the developers and not expensive.
- You can set the db to auto-lock. If they get a copy, this is where your strong password comes in.
- Crack open your bible or koran or torah randomly and choose a verse. Memorize its location and it. That's a random solution, its not hard.
- I keep a tight watch on my password file. I trust it more than storing passwords in a browser or other methods. With security, you have to just hit a point where its good enough.
>>54294026
>I would recommend cyphertite now.
first google result
>Cyphertite Closes Doors, Alternatives Available
