Nástroje používateľa

Nástoje správy stránok


blog:odborny:2024-08-07-keepass_synchronisation_on_macos_with_pcloud

Keepass synchronisation on macOS with pCloud

Some basic info on my workflow.

Database settings

My *.kdbx v4.0 database settings are as follows:

  • Encryption:
  • Key derivation:
    • Algorithm = Argon2d – AES is not that good because its memory requirements are low (and memory is the limiting factor in GPU/ASIC attacks). Argon2id is not recommended by KeePass developer.
    • Memory = 64MB – this should theoretically be set as high as possible, because the memory is now the limiting factor, not iterations. From this point of view, 1GB would be ideal – KeePass developer recommends setting it to half the lowest RAM any of your devices has. But if you use Autofill, there are memory limits which will probably force you to set it to 64MB or perhaps 128MB.
    • Iterations = 20 – decryption should take a while, this makes it around 1–2s on my devices.
    • Threads (Parallelism) = 2 – this should be the lowest number of cores/threads any of your devices has, because it does not limit the attacker, only speeds up things for you.

Note that there are also some recommended settings in the official RFC for Argon2.

Apps used & Apps tried

I am using Keepass .kdbx database (version 4.0) and pCloud provider for synchronisation.

Windows

KeePass
THE original. There's no real reason for using anything else.

macOS

MacPass
In my opinion, the very best solution. Native app with many nice features, supports everything KeePassXC does, and it has a 1/10th of its size and launches blazingly fast. And its opensource. Yay!
KeePassXC
Crossplatform solution I did use for a long time. Very good one, but – it is not a native macOS app and you will feel it time to time.
Strongbox
I did not personally test it, but it was mentioned multiple times in this reddit thread, so it might be worth trying. From the screenshots, it looks better than MacPass, but I like the opensource feature of MacPass.

iOS

KeePassium
Simply the best. Perfect, opensource and even free for majority of “home” uses.
KyPass
I have been using this app before for quite some time, but with every new major version number of the app, the developer creates a completely new app ID, thus forcing you to buy it again and again (because he removes the previous app versions from AppStore). After three different versions bought, I gave up. Also, from the design point of view, it really feels crappy.

Setting up KeePassium for cloud-shared password database

To connect KeePassium with your database, you have basically two options:

WebDAV connection to pCloud-shared database

To connect KeePassium with my database, I use WebDAV connection to my pCloud storage. The native integration of cloud services under “Locations” in iOS Files app was causing me problems: after each database save in KeePassXC, KeePassium could not find the file.1)

To set up a WebDAV database in KeePassium, you have to provide the URL and your credentials. For pCloud, the WebDAV URL depends on your data region – the host is:

  • either webdav.pcloud.com (for US),
  • or ewebdav.pcloud.com (for EU).

The full URL then is the following:

https://webdav.pcloud.com:443/<path>/<to>/<database>/<folder>

Note that the URL has to be the folder containing the database, not the full path to the database itself – otherwise, you will see an error: The folder is empty.

Interesting thing is that you can test both your credentials and whether the URL to the folder with the database is correct by typing the address in your browser. For example, try

https://webdav.pcloud.com:443/

to directly open and display the folder listing.

Comments

1)
As I realised later, this has a simple solution documented there, but in the meantime, I started using MacPass together with WebDAVsynced KeePassium, so this was no longer an issue for me.
blog/odborny/2024-08-07-keepass_synchronisation_on_macos_with_pcloud.txt · Posledná úprava: 2024/08/08 10:43 od Róbert Toth