Password management with Keepass and TC

Hi guys, my first post here.

While on the plain today, heading to Spain, I was thinking about what is best for security when using Keepass and Truecrypt, as I actually do on my pc.
Just to give you a clearer picture: I use keepass for storing all passwords. Its master psw is a 21 digits passphrase, meaning about 110bits, according to keepass psw engine.
I also have a TC container, with the same master psw of keepass.

The question I was wondering about is:
Should I change my TC master psw to a more secure one and store it in keepass or should I keep things as they are?
I think, but here I am glad to listen to your comments, that if an attacker can break keepass and get its master password, the TC container will be accessible anyway (or using the same psw or finding its psw in the keepass database).
Or having a different psw for the two "files" would be more secure?

Maybe this concern might be trivial for many of us, but I am not a security expert....beside the fact that maybe it's a bit paranoid concern and this does not surprise myself...

Thanks you all.

Ciao

 

I have a password that I remember on my Keepass database and within that database I have many passwords, truecrypt included, that I don't have memorized because they are long and random.

The key for me is trying to limit "exposure" to my keepass database. Even though the password is long and complex, it's still holds access to everything else.

 

I prefer to do it the other way around. I store my Keepass database inside a TrueCrypt container and use a different PW for each. Both programs appear to be secure from a technical standpoint, but since I am not a skilled cryptologist/programmer I can't really confirm that. However, I feel that TC is less likely to have undetected vulnerabilities than KP simply because there is so much more interest in finding ways to attack it.

 

The chain is as strong as it's weakest link. If you store your TC password in KeePass, the only password protecting your TC container is the KeePass master password. If you have two different passwords for TC and KeePass, then there is no connection between them, obviously, and if one gets compromised, the other one is safe. If you store your KeePass database inside TC, then your TC container is protected by TC's password, and KeePass's database is protected both by TC's password AND KeePass's password.
So, in the end it is a matter of what you want to protect more (what is more important to you).

 

The option above is the safest.

I introduce risk into my setup when I don't store my keepass database in a tc container. But I trust my password and the keepass software enough to protect my information.

 

I kind of like that approach in general because it creates an additional fence around the password information and puts the password database file inside a larger file or non-file which might not be so easy to upload. If you not only put the KeePass database file in there but also a portable version of KeePass, you also obscure the fact that you use KeePass. To the extent you keep opening of the Truecrypt container to a minimum of course. There's the rub in some usage scenarios I think. I suspect some users would need more frequent access to the Keepass database than anything else in the Truecrypt volume. So above/beyond having to frequently enter two passwords unless they use some helper software, if they go this way they'd end up mounting their Truecrypt volume more frequently than is necessary. If they aren't doing something like putting the Keepass database in the standard volume and the rest of their files in a hidden volume, they would expose encrypted files to their operating environment unnecessarily.

This problem, however minor it might be considered, is somewhat generic and can extend to other things I think. There are some things (a password manager and its database, an email program and its folders, etc) that the user might want to decrypt/expose without decrypting/exposing other things. I guess you could nest hidden volumes and perhaps even use some custom software to make access less laborious.

Just thinking out loud in case it stimulates interesting discussion.

 

I'm with dantz, KP stored inside TC. I also use different 64 character passwords, Key Files, and half of the passphrase (32) sits on a YubiKey in Static Mode. A compromise would have to get what is in my memory, what is on my Yubikey, and find the one Key File, out of 300,000 or so, that I use. I have a little trick I do with the Key File as well, but won't post it...just get creative.

PD

 

Also, you need to consider the fact that a compromise must go undetected for enough time that the attacker will be able to crack your master password, which is really hard, especially if you are very careful with what is going on on your computer and/or if you pick a really strong password.

 

Woah you guys are taking it to a whole new level.

 

interesting inputs, thanks.
For sure KP inside TC is the safest option, however for me it could be a bit uncomfy. Why?
Because I basically need KP every day, while in TC I store some confidential stuff that I do not need on daily basis. In other words, I might open TC container once a week or even less frequently...
Maybe to enhance KP security I can begin using some keyfiles, but I am a bit concerned about doing this because if a keyfile goes bad (for whatever reason) then I am in deep trouble...

 

Copy it and keep it in many different places. They are identical when copied, just don't modify anything. Obviously, depending on your threat model, you may not want it to scream KEYFILE!!!!!

PD

 

Maybe, but all that ^, takes only about 30 seconds out of my day to do.

PD

 

I find key files easy to use. Keep it on your USB drive and maybe a backup on another USB or external HDD. There's no need for more than that IMO. If you're very paranoid you could true crypt the key file. Probably easier than the entire keypass database.

 

My take is that you want that key file as obfuscated as possible. If kept on a flash drive, make it a .jpeg in a folder of 10,000 .jpegs. JMO. Obviously, the threat model for that is confiscation by authorities, not a lost laptop at the airport.

PD

 

For now I decided to create a TC hidden volume with the same psw of KP.
I changed the outer TC volume psw to a long random over 300bits which i stored in KP database.
Now i just need to move some stuff from the outer TC to the hidden TC...and hopefully for a while my paranoia is going to take a break...

 

I think you might be doing this backwards.

You need to move stuff to the outer to make it look "believable." You want the outer volume to be your decoy volume -- that is, put some useless files in there that look important. Keep your keepass database inside the hidden volume. You should also make the outer volume a password you can remember so when prompted for it by an adversary, you can remember. You don't want to make your outer password something long and random because then you need to get your keepass database in order to retrieve the password..which defeats the purpose of hiding the database and using an outer volume as a decoy. Does that make sense?

So, use an outer volume with a simple password and store some documents in there that look important...but really aren't.

Then, use the hidden volume to store your keepass database. If ever prompted for the password to the truecrypt volume, give the outer password and deny that a hidden volume even exists (there is no way to tell it exists).

I would not make the hidden password and the keepass password the same. Since you are going through the trouble of using a truecrypt container with a hidden volume you may as well change the passwords because you gain a significant increase in security by doing so. If an adversary is lucky enough to obtain the key to your hidden volume, they have to start from the beginning again in order to get your keepass password.

 

That's for sure the best scenario in terms of security, but..as I said before, I would also like to keep some comfort for the whole system.
for the moment I keep KP out of TC. What I will do 100% is to move the really confidential information from the outer TC to the hidden TC.

The outer TC is already believable, but your point is good for another reason: in case I am forced to open the Outer TC, I can make it only opening Keepass and then exposing the whole system to intrusion.
While a simple psw of the outer TC will allow me to mount is without the need of KP.
So, Imaybe I should change psw in this way:

1. KP with strong psw that I remember
2. Outer TC with easy to remember psw to mount it in case of attack.
3. Hidden TC with extra-strong random generated psw, stored in KP.

Comments?

 

In such a scenario, once someone gains access to the KeePass database they have your important TC volume password as well. So to some degree this is similar to using the very same password for both. Practically speaking, the adversary might not realize the situation due to how you store that hidden TC volume password in KeePass and/or they might not simply try all the passwords in KeePass against your Truecrypt volumes.

If this "adversary" is one that could force you to open a Truecrypt volume (given your interest in using the standard volume as a decoy I assume this is a scenario you would like to try to protect yourself against) then they could also force you to open your KeePass database. If they find it, have reason to believe you use one (see KeePass on your system or see evidence of its use in logs, whatever), or simply assume you are using such a thing when you are unable to provide password information they would expect you to be able to produce.

If you are able to remember one strong password you likely can remember two. You might consider making your hidden Truecrypt volume password a remembered password as well and *not* storing it in KeePass.

Don't forget, it is possible to have an accident that affects your memory or kills you before you are able to transfer secret information (passwords) to someone. If there is information in KeePass and/or Truecrypt that would be needed when you are ill or no longer around... information which can't be accessed or acquired some other way for example via POA... you have to figure out some way to assure that someone will be able to make sense of your approach and get into your KeePass and/or Truecrypt volumes.