VeraCrypt is a single file container, did you mean Cryptomator? And how does a protocol help with a dumb cloud with local file access? You'd still need to define a local scheme.
wps|3 days ago
Nope, I meant VeraCrypt. As I assumed you meant splitting attachments into their own BLOB. This means you would have the KDBX file, then the attachment blob. I’m saying that you might as well use a purpose built encryption container tool.
As for the protocol my main argument is that passing around a file with dumb syncing is always going to have issues. The only real way to mediate it is to have a defined schema and standardized sync protocol between keepass clients. This would make them behave more like a centralized password manager. However, this approach would require some sort of relay infrastructure and just ends up emulating syncthing but for application specific data rather than simple files. It’s far out of scope for KeePass IMO to build a p2p sync protocol.
Editing this comment because a user in this thread actually acknowledges this point:
> Solving sync and sharing cannot be done on the whole database file level, as it is implemented now in KeePass. Changes need to be tracked at the password record level, all changes need to be persisted as an operations log and that log needs to be distributed across devices.
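The difference between whole-file sync and a per-record operation log that the quoted comment describes, shown as an added example (constructed data, not KeePass or any client's code; the `Op` record and `(clock, device)` ordering are my assumptions, not a KeePass format):

```python
"""Whole-file 'newer file wins' sync vs. a per-record operation log.
Constructed illustration of the sync argument above; not KeePass code."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Op:
    """One change to one field of one record (assumed shape, not a real format)."""
    clock: int     # logical clock on the originating device
    device: str    # device id, used as a tie-breaker
    entry: str     # password entry id
    field: str
    value: str


def whole_file_sync(base: dict, edits_a: dict, edits_b: dict, newer: str) -> dict:
    """Dumb file sync: whichever device wrote the database file last wins,
    so every edit made on the other device is silently discarded."""
    db_a = {k: dict(v) for k, v in base.items()}
    db_b = {k: dict(v) for k, v in base.items()}
    for entry, fields in edits_a.items():
        db_a[entry].update(fields)
    for entry, fields in edits_b.items():
        db_b[entry].update(fields)
    return db_a if newer == "A" else db_b


def merge_logs(base: dict, *logs: list) -> dict:
    """Record-level sync: union the operation logs of all devices and replay
    them in (clock, device) order. Every device converges to the same state;
    only a genuine same-entry/same-field conflict is resolved by the later op."""
    db = {k: dict(v) for k, v in base.items()}
    ops = sorted({op for log in logs for op in log}, key=lambda o: (o.clock, o.device))
    for op in ops:
        db.setdefault(op.entry, {})[op.field] = op.value
    return db


# Constructed scenario: device A rotates the mail password, device B later
# rotates the bank password, and B's file reaches the cloud last.
BASE = {"mail": {"password": "old-mail"}, "bank": {"password": "old-bank"}}
LOG_A = [Op(1, "A", "mail", "password", "new-mail")]
LOG_B = [Op(2, "B", "bank", "password", "new-bank")]


def demo() -> tuple:
    whole = whole_file_sync(BASE, {"mail": {"password": "new-mail"}},
                            {"bank": {"password": "new-bank"}}, newer="B")
    merged = merge_logs(BASE, LOG_A, LOG_B)
    return whole, merged   # whole loses A's edit; merged keeps both
```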
eviks|3 days ago
> I’m saying that you might as well use a purpose built encryption container tool.
Which is what KeePass is, it just fails in a few ways (built to contain passwords and attachments), some of which are what the format change suggestion is supposed to fix. So I don't understand the conceptual disconnect.
> passing around a file with dumb syncing is always going to have issues
That's true of everything, including the protocol. But also, how does it help if you think the protocol is out of scope anyway, so shouldn't block non-ideal improvements? Let's not let perfect be the enemy of the good?