Am I getting too paranoid??

I currently store all my passwords (including sensitive ones, not just for forums, etc.) in Keepass.
The password to open that database is a 147bits psw mixed cases and digits/numbers/special chars (21 digits total).
In the past I used also a key file but I do not feel to confident on that since if it's modified for any reason than Keepass does not accept it any longer: I am afraid to be locked out forever.

My main concern is a brute-force attack with rainbow tables, in case an attacker get physical control of my HDD.

My current paranoia suggest that the above setup might not be enough.
Possible solutions:

1. Create a TC container and store Keepass db there. Good, but what about the TC password? Ok, another about 20 digits psw (obviously different than Keepass).
2. Further Encrypt Keepass db with 7-Zip and again another psw to remember?
3. Any suggestion from you guys? Should be enough simply to increase the Keepass db password to a higher level of security?

Please bear in mind that I cannot perform a system encryption (PC is company owned, actually it should be encrypted with EEPC by McAfee but it did not work so well, ok this is another story...)

Thanks for your patience..

 

In terms of password length you're not as paranoid as I was. I used to use 50 characters high complexity password. It backfired to me and I forgot all my passwords lol.

IMO as long as there's no malware in your PC you shouldn't worry too much. Not sure if it will be any help but zipping the password database w/ different password (20 to 25 characters) might be a good idea. Otherwise, just take it eeeasy~

 

I also use Keepass for all my passwords which are 5 to 32 charterers in letters in length. Keepass is also password protected, the password is in a file witch is encrypted with axcrypt and everything is backed-up encase of a crash or other mishap I also use a anti- key logger..

 

How strong is your Axcrypt psw?
Then i guess you use a different psw for Keepass, right?

This would be my solution 2, more or less.

 

I use a permutation of a few different words or short phrases.

I store these in a plain text file, obfuscated with my own algorithm.

First someone would have to know which text file holds my keys (of the thousands of text files existing, where I name it to be mundane and include some "story" type text with it), then they would have to know what on earth the gibberish means (as it is not logical, just obfuscated in a purposefully illogical way). And finally they have to know which password/passphrase goes to what account (which is listed, but I don't use names like "yahoo", I have my own off-the-wall way to reference such things).

Of course this doesn't automate putting passwords in prompts, only lets me have a master list in case my memory is foggy.

And to be really paranoid, I never keep anything "sensitive" on a computer. I don't trust them

If anyone were to ever get my text file, and they spent enough time to figure out my craziness, I guess they deserve it. They can see all of my nothingness I guess. Oh, they might get my cd keys to a few games, but no account numbers

Sul.

 

72 Bits

Yes,much bigger concidering what it protects.

 

It is not possible to be tooooo paranoid. "Even paranoids have enemies"

You are in danger here of locking yourself out by memory loss (yours not PC)

Keep all passwords in your own USB stick NOT on the main PC. They can't access what isn't there.

Make it simpler. Encryption is good for physical theft. The machine is owned by company so they should call the security shots or you convince them to improve.

BACKUP is the real answer here or unplug.

Just some random thoughts...

 

I endorse it!

About USB: I am afraid of a catastrophic USB failure...
It's more likely than a HDD failure.

First step of today was to upgrade my Keepass psw to 206bits. But I want more!

 

The only "sensitive" data a real thief is going to care about is that which can be traded for $$$. Just keep cash valuable data off you computer and you'll be fine protecting the rest with a password with decent strength and length. No need otherwise for 20+ characters.

 

On USB failure cheap brands maybe.

Keep a second copy of password files off line! On a dvd as well, put in safety box!

But IF you keep changing your passowords the backups will be no good.

What I do

1) Image the C partition weekly and before patch tuesday
2) Keep strong passwords in text file off line on USB stick and encrypt the whole folder. One for bank, one for forums, one for stores, one for IT vendors

3) Backup user data daily
4) Image whole setup monthly