Lack of online data store leaves keepass database vulnerable to data loss #3396
Comments
|
The fix for this is not to integrate cloud API's into KeePassXC. The fix is already documented in #2389 |
|
@droidmonkey the point I was trying to make is that solutions that rely on the online data stores synchronization cannot succeed. #2389 is not able to address the problem. KeepassXC needs to do everything it can to circumvent the conflict resolution process of the online data store. |
|
I use google drive to sync all the time between keepass2android and KeePassXC. If there is a binary conflict between cloud and device, google drive creates a conflict file. I have never had an instance where data is simply missing. Now, I don't use google drive on macOS and there may be an issue there. |
|
Another problem with relaying in google drive is that Linux doesn't have a native synchronization app so it isn't a solution at all for Linux. Maybe this is better accomplished with a plugin API for cloud providers so you don't need to maintain the code for different cloud services. |
|
There are so many alternatives to Google Drive, just choose one of them. We will not add a plugin API to KeePassXC. |
Expected Behavior
KeepassXC should support synchronization with online data stores (dropbox, google drive, s3) to prevent data loss for users with multiple computers/phones.
Current Behavior
KeepassXC currently relies on the unreliable process of the online data stores disk synchronization. Whenever KeepassXC changes the database, the online data store's disk synchronization copies the changed file up to the online store. This works great for 90% of the use cases. However should a write get into the online data store and KeepassXC makes a write to the disk, then it is upto the onine data store's synchronization algorithm to determine what to do. Since these services operate on files as primitives, it can only choose one or the other. If a database entry is added on one device while online, and another device while offline, then the online store must choose one or the other, but not both. This results in a lost entry. Depending how long one device has been offline the rewind can be severe. There is no trash entry to recover.
Possible Solution
KeepassXC must be used to resolve the conflicts. As such It cannot write to a file that is synchronized by an online data store. Instead, when the device comes online, it must retrieve the current version of the database, resolve any conflicts, and push the updated version back.
I set some reolink cameras in my house. Over the span of several months. Each requires a user name and password to be set on creation. I set a different user name and password for each camera by creating new entries in my database. This was over the span of 6 months to a year. Today I setup a new phone, copied the database down, and tried to log into the camera again. All the passwords are gone. Which makes me worried that much more are missing. They are not in the trash either. I am using G
Steps to Reproduce
Results: mac-entry1 never makes it into google drive
Expected: mac-entry1 to make it into google drive and be available on the device
Context
I experienced a password database rewind with the loss of unknown number of entries when I switched from one phone to another. Entries are not recoverable from the trash. I have explored all the dbs on all the computers and have not been able to recover the entries that are known to be lost.
Debug Info
KeePassXC - Version 2.4.3
Revision: 5d6ef0c
Qt 5.12.3
Debugging mode is disabled.
Operating system: macOS Mojave (10.14)
CPU architecture: x86_64
Kernel: darwin 18.2.0
Enabled extensions:
Cryptographic libraries:
libgcrypt 1.8.4
Laptop:
Model Name: MacBook
Model Identifier: MacBook8,1
Processor Name: Intel Core M
Processor Speed: 1.2 GHz
Number of Processors: 1
Total Number of Cores: 2
L2 Cache (per Core): 256 KB
L3 Cache: 4 MB
Memory: 8 GB
Boot ROM Version: 177.0.0.0.0
SMC Version (system): 2.25f87
Serial Number (system): C2QR301WGKK5
Hardware UUID: 78FCBB34-EE9E-57E3-BDEA-45D992B4CC19
System Version: macOS 10.14.2 (18C54)
Kernel Version: Darwin 18.2.0
Boot Volume: Macintosh HD
Boot Mode: Normal
Computer Name: gold
User Name: Michael Power (michael.power)
Secure Virtual Memory: Enabled
System Integrity Protection: Enabled
Time since boot: 20 minutes
I respect the desire to keep the core code base small, exclude networking for security. A capabilities based plugin framework would enable a dedicated plugin to be written to solve this problem. WIth capabilities, the networking connectivity could be limited to just google drive and just for that plugin.
The text was updated successfully, but these errors were encountered: