Obsah
Keepass synchronisation on macOS with pCloud
Some basic info on my workflow.
Database settings
My *.kdbx
v4.0 database settings are as follows:
- Encryption:
- Algorithm = AES Rijndale – ChaCha20 might be bad in some situations and Twofish is prone to side-channel attack.
- Key derivation:
- Algorithm = Argon2d – AES is not that good because its memory requirements are low (and memory is the limiting factor in GPU/ASIC attacks). Argon2id is not recommended by KeePass developer.
- Memory = 64MB – this should theoretically be set as high as possible, because the memory is now the limiting factor, not iterations. From this point of view, 1GB would be ideal – KeePass developer recommends setting it to half the lowest RAM any of your devices has. But if you use Autofill, there are memory limits which will probably force you to set it to 64MB or perhaps 128MB.
- Iterations = 20 – decryption should take a while, this makes it around 1–2s on my devices.
- Threads (Parallelism) = 2 – this should be the lowest number of cores/threads any of your devices has, because it does not limit the attacker, only speeds up things for you.
Note that there are also some recommended settings in the official RFC for Argon2.
Apps used & Apps tried
I am using Keepass .kdbx
database (version 4.0) and pCloud provider for synchronisation.
Windows
- KeePass ✅
- THE original. There's no real reason for using anything else.
macOS
- MacPass ✅
- In my opinion, the very best solution. Native app with many nice features, supports everything KeePassXC does, and it has a 1/10th of its size and launches blazingly fast. And its open‑source. Yay!
- KeePassXC
- Cross‑platform solution I did use for a long time. Very good one, but – it is not a native macOS app and you will feel it time to time.
- Strongbox
- I did not personally test it, but it was mentioned multiple times in this reddit thread, so it might be worth trying. From the screenshots, it looks better than MacPass, but I like the open‑source feature of MacPass.
iOS
- KeePassium ✅
- Simply the best. Perfect, open‑source and even free for majority of “home” uses.
-
KyPass - I have been using this app before for quite some time, but with every new major version number of the app, the developer creates a completely new app ID, thus forcing you to buy it again and again (because he removes the previous app versions from AppStore). After three different versions bought, I gave up. Also, from the design point of view, it really feels crappy.
Setting up KeePassium for cloud-shared password database
To connect KeePassium with your database, you have basically two options:
- Native connection via Files app: KeePassium supports many sync sources through integration of cloud services under “Locations” in iOS
Files
app (and pCloud is fully supported) - Connection through WebDAV: This is a slightly more technical solution, but it works.
WebDAV connection to pCloud-shared database
To connect KeePassium with my database, I use WebDAV connection to my pCloud storage. The native integration of cloud services under “Locations” in iOS Files
app was causing me problems: after each database save in KeePassXC, KeePassium could not find the file.1)
To set up a WebDAV database in KeePassium, you have to provide the URL and your credentials. For pCloud, the WebDAV URL depends on your data region – the host is:
- either
webdav.pcloud.com
(for US), - or
ewebdav.pcloud.com
(for EU).
The full URL then is the following:
https://webdav.pcloud.com:443/<path>/<to>/<database>/<folder>
Note that the URL has to be the folder containing the database, not the full path to the database itself – otherwise, you will see an error: The folder is empty.
Interesting thing is that you can test both your credentials and whether the URL to the folder with the database is correct by typing the address in your browser. For example, try
https://webdav.pcloud.com:443/
to directly open and display the folder listing.