<pstyle="font-size:110%"><strong>Posted on 23 June 2023</strong></p><p><strong>Categories: </strong><astyle="color:#ff79c6"href="../software/"><iclass="fa fa-laptop"aria-hidden="true"></i>Software</a></p>
<p>I have decided to switch from a self-hosted Vaultwarden (Bitwarden) instance to using KeePass along with Syncthing to sync it to all my devices. There are numerous reasons why I decided to make this change.</p>
<p>The offline nature of KeePass makes it so that it is nearly impossible to crack. Connecting things to the internet makes it trivial for a script kiddie thousands of kilometers away from you to attempt to crack your passwords. A password manager is a place where all of your passwords are stored. Due to this very reason, I decided to upgrade my security by moving to a reputed piece of software.</p>
<p>The encryption algorithm used for your password database is AES-256, commonly known as 256-bit encryption. It is a form of encryption that is so difficult to crack that the only way you can actually hope to obtain someone's password is by phishing them or using external methods. For more information, please <ahref="https://yewtu.be/watch?v=S9JGmA5_unY">watch this video by 3Blue1Brown.</a> It is extremely interesting.</p>
<p>In fact, KeePass is so secure that even the passwords that are stored in your memory while you are viewing your database is encrypted. That way, even a <ahref='../../definitions/management-engine'style='color:#50fa7b'>management engine</a> attack will not work. If you want to try viewing the cleared memory sectors to find remnants of your passwords, good luck. The passwords which are stored in your memory are first overwritten to the point of unrecoverability before being cleared.</p>
<p>You can even setup a keyfile (a file you need to use to login), a <ahref='../../definitions/security-key/'style='color:#50fa7b'>security key</a>, or both.</p>
<p>KeePass is open-source under the GPLv2 license, which is the best open-source license for people's freedom. That makes it <ahref='../../definitions/free-software/'style='color:#50fa7b'>free software</a>.</p>
<h2><iclass="fa fa-user"aria-hidden="true"></i>The Encryption Never Stops</h2>
<p>Along with KeePass, I use Syncthing to sync my database. Syncthing also uses cryptographic encryption. This makes it so that anyone who wants to brute-force my database needs access to both my Syncthing password and my KeePass password.</p>
<p>I use KeePass along with Syncthing for three reasons.</p>
<ol>
<li>KeePass is extremely secure. It has industry-standard protection methods and algorithms and its offline nature makes it practically uncrackable.</li>
<li>It is fully <ahref='../../definitions/free-software/'style='color:#50fa7b'>free software</a> under the GPLv2 license</li>
<li>Syncthing is also encrypted, which means that an attacker who wants to attack me using the internet needs to crack both my Syncthing password and KeePass password which would take billions of years.</li>
</ol>
<p>I am probably never going to switch back because this system works extremely well. Syncthing is very fast at staying up-to-date.</p>