Can I keep my database file in the open Internet?

[jonatasbaldin]

Hi there 👋

First, I'd like to thanks all the maintainers and contributors for KeePassXC, I've migrating from 1Password lately in a very smoothly experience.

So far, I've setup my local machine (OSX) and I'm on the mission to setup my phone (iOS).

Strongbox Safe has support for KeePass. One could add the database file from different methods, like Dropbox, Google Drive, WebDAV, SFTP, URL etc.

With that, I was wondering:

• How safe it is to put my database file out in the wild (assuming I'm using a very strong passphrase but not key file)?
• If I use a key file (manually set it in my machine/phone), would it be safer to expose the database file online?
• How long one would take to brute force my file with a strong pass phrase?
• Are there any history of zero-day vulnerabilities to break into the database file? Are those common?

Thanks!

[droidmonkey]

The "Open Internet" is very different from personal cloud storage like Dropbox and OneDrive. Storing the database in your personal accounts is very safe and encouraged. The file is always encrypted and secrets will never be exposed to those services. A strong database password is all you need, 15+ characters is more than sufficient. Due to the use of key derivation functions, cracking a database is impossible with a strong password.

[jonatasbaldin]

Thanks @droidmonkey.

In my case, I don't want to use services like Dropbox and OneDrive, I'd like to be able to have my database availability as simple as possible, like in a simple URL.

Due to the use of key derivation functions, cracking a database is impossible with a strong password.

With that in mind, if anyone puts the hand on my database, they wouldn't be able to crack it anyway, right?

[droidmonkey]

They'd have to have about 100 billion years of computing power for a 20 character randomized password.

[jonatasbaldin]

yep, that will do it hahaha thanks again!