Furlo's Playground

Nástroje používateľa

Nástoje správy stránok

Nachádzate sa: Blog » Archív blogu » Blog informatický » Keepass synchronisation on macOS with pCloud
blog:odborny:2024-08-07-keepass_synchronisation_on_macos_with_pcloud

Rozdiely

Tu môžete vidieť rozdiely medzi vybranou verziou a aktuálnou verziou danej stránky.

Odkaz na tento prehľad zmien

Obojstranná predošlá revíziaPredchádzajúca revízia
Nasledujúca revízia		Predchádzajúca revízia
blog:odborny:2024-08-07-keepass_synchronisation_on_macos_with_pcloud [2024/08/07 22:16] – webdav in browser Róbert Tothblog:odborny:2024-08-07-keepass_synchronisation_on_macos_with_pcloud [2024/08/08 10:43] (aktuálne) – RFC Róbert Toth
Riadok 2: Riadok 2:
  
 Some basic info on my workflow. Some basic info on my workflow.
 +
 +
 +===== Database settings =====
 +
 +My ''*.kdbx'' v4.0 database settings are as follows:
 +
 +  * Encryption:
 +    * **Algorithm = AES Rijndale** – ChaCha20 [[https://www.reddit.com/r/crypto/comments/85jdsf/comment/dvxui18/|might be bad in some situations]] and Twofish [[https://www.reddit.com/r/KeePass/comments/10pdsrq/comment/j6kpwlc/|is prone to side-channel attack]].
 +  * Key derivation:
 +    * **Algorithm = Argon2d** – AES is [[https://keepass.info/help/kb/kdbx_4.html#argon2|not that good]] because its memory requirements are low (and memory is the limiting factor in GPU/ASIC attacks). Argon2id [[https://keepass.info/help/base/security.html#secdictprotect|is not recommended by KeePass developer]].
 +    * **Memory = 64MB** – this should theoretically be set as high as possible, because the memory is now the limiting factor, not iterations. From this point of view, 1GB would be ideal – KeePass developer [[https://keepass.info/help/base/security.html#secdictprotect|recommends]] setting it to half the lowest RAM any of your devices has. But if you use Autofill, there are [[https://keepassium.com/articles/autofill-memory-limits/|memory limits]] which will probably force you to set it to 64MB or perhaps 128MB.
 +    * **Iterations = 20** – decryption should take a while, this makes it around 1–2s on my devices.
 +    * **Threads (Parallelism) = 2** – this should be [[https://sourceforge.net/p/keepass/discussion/329220/thread/eb5cf70b/#3215|the lowest number of cores/threads]] any of your devices has, because it does not limit the attacker, only speeds up things for you.
 +Note that there are also some recommended settings in [[https://www.rfc-editor.org/rfc/rfc9106#name-parameter-choice|the official RFC for Argon2]].
 +
  
 ===== Apps used & Apps tried ===== ===== Apps used & Apps tried =====
Riadok 24: Riadok 39:
   ; <del>[[https://www.kyuran.be/software/kypass/|KyPass]]</del>   ; <del>[[https://www.kyuran.be/software/kypass/|KyPass]]</del>
   : I have been using this app before for quite some time, but with every new major version number of the app, the developer creates a completely new app ID, thus forcing you to buy it again and again (because he removes the previous app versions from AppStore). After three different versions bought, I gave up. Also, from the design point of view, it really //feels crappy//.   : I have been using this app before for quite some time, but with every new major version number of the app, the developer creates a completely new app ID, thus forcing you to buy it again and again (because he removes the previous app versions from AppStore). After three different versions bought, I gave up. Also, from the design point of view, it really //feels crappy//.
 +
  
 ===== Setting up KeePassium for cloud-shared password database ===== ===== Setting up KeePassium for cloud-shared password database =====
blog/odborny/2024-08-07-keepass_synchronisation_on_macos_with_pcloud.1723061788.txt.gz · Posledná úprava: 2024/08/07 22:16 od Róbert Toth