wps | 3 days ago

> but "some" isn't even "many"

True, but it’s a start.

Splitting the file into pieces is certainly not the right way to go about it though, as you would just be poorly emulating VeraCrypt! The most robust sync solution is an actual protocol (like Bitwarden), otherwise dumb file syncing is going to have the same issues it usually has.

eviks|3 days ago

VeraCrypt is a single-file container; did you mean Cryptomator? And how does a protocol help with a dumb cloud with local file access? You'd still need to define a local scheme.

wps|3 days ago

Nope, I meant VeraCrypt, as I assumed you meant splitting attachments into their own BLOB. This means you would have the KDBX file, then the attachment blob. I’m saying that you might as well use a purpose-built encryption container tool.

As for the protocol, my main argument is that passing around a file with dumb syncing is always going to have issues. The only real way to mediate it is to have a defined schema and standardized sync protocol between KeePass clients. This would make them behave more like a centralized password manager. However, this approach would require some sort of relay infrastructure and just ends up emulating Syncthing but for application-specific data rather than simple files. It’s far out of scope for KeePass IMO to build a p2p sync protocol.

Editing this comment because a user in this thread actually acknowledges this point:

> Solving sync and sharing cannot be done on whole database file level, as it is implemented now in KeePass. Changes need to be tracked at the password record level, all changes need to be persisted as an operations log, and that log needs to be distributed across devices.