Change my mind. I believe this is the best combination for privacy.
I’m more than happy with Proton Pass and Proton Drive.
Why do you need Cryptomator for this? The KeePass database is already encrypted.
I said it equals the best combination. The encrypted KeePass database alone is not enough. It is not enough in this case because I need to sync not just passwords but all kinds of files. And I do not want to do it manually. KeePass was just an example.
There are reasons why I included Syncthing in the combination.
Yeah, because double encryption is better than single encryption.
And triple encryption is better than double encryption.
And quadruple encryption is better than triple encryption.
And…
There is definitely no such thing as diminishing returns when it comes to security. /s
What do you mean?
Yes, but that is not the best combination in terms of privacy.
According to whom? If you have a strong, randomly generated master password, there is no need for double encryption.
There is a need if you are looking for the best results.
The only problem with this combination is if you decide to update something on one device, and then it doesn’t sync for some reason and you update something on another device.
You can then end up in a situation where you lose data. Better to just host vaultwarden and be done with it.
Having the best privacy requires a mentality you do seem to have.
No, because you are supposed to do backups and it is very simple to roll back.
Is there any reason you need to encrypt any of your content twice? By the way, I do think it’s private, but Cryptomator and Syncthing seem unnecessary if you use the Proton Drive app to sync, if you want a copy on the cloud.
If you are trying to avoid random hackers somehow getting your vault and cracking it, unless KeePass has a vulnerability where hackers can crack it easily, it’s basically impossible to crack if you have a good password.
If you are afraid of targeted attacks, it’s more likely to be state backed and they might simply lock you up and torture you until you break, if you have such an “advanced” setup, and if you potentially have that value.
This issue can be solved by having one “always on and online” device. It can be an old Android phone, RPi, or any home PC.
Though if you turn off mobile data usage for Syncthing on an Android phone, it can happen. But it’s not a big problem, as I don’t think many people are adding/updating passwords on the phone if they already use a PC daily. And even if they do, you just have to do an ST refresh after that.
In the end, even if there is a conflict, it can be manually solved. But I do agree there is no need for Cryptomator in this setup. Even if you use a cloud (VPS) for Syncthing, it can be set as untrusted, so all data there would be encrypted.
KeePass has strong security measures. You can increase the number of key derivation functions in the settings which increases the time to crack passwords if you want stronger protections. You could also use a keyfile and password.
You say the “best”.
I think if you want the “best” setup, using KeePass stored offline only would be “more secure” since it limits the attack surface.
Manual offsite backups + cold storage would technically be “more secure”.
The annoying thing about Vaultwarden is that they only support Docker images. I thought about hosting it but quickly gave up.
There are third-party packages.
Wow… I feel stupid. I searched the AUR and found nothing. Turns out it’s in the official repos.
That is your opinion. We all have ours.
Hah, again, it is your opinion, my good sir.
Syncthing isn’t a backup solution, though, and can inadvertently overwrite data that you didn’t mean to.