Password management and syncing across devices

  • Download KeePassX from http://www.keepassx.org/

  • It is a zip file; just unzip it into some directory and one is good to go.

  • Start KeePassX

  • Using KeePassX one can create a new database. This database is a single file on the local file system in which everything is stored encrypted. Every database has a master password, from which the key used to encrypt everything is derived.

  • Provide a master password

  • Save the database to a file

  • KeePassX currently uses the KeePass 1.x (Classic) password database format (.kdb) as its native format.

Syncing this file across devices

  • Since the database is just an encrypted file, any cloud-based sync service can be used. I have used Dropbox for this.
  • Via Dropbox the file becomes available on all other machines, tablets and mobile phones.
  • On the other machines, the same KeePassX can open the file.
  • On iOS, MiniKeePass can open the file.

Why it is safe to keep this file in Dropbox, even in a public folder

  • To generate the final 256-bit key used for the block cipher, KeePass first hashes the user's password with SHA-256, then encrypts the result N times with AES (these are the "key transformation rounds"), and then hashes it again with SHA-256. The AES step uses a random 256-bit key that is generated per database and stored in the database file.

  • Because that AES key is random and different for every database, the transformation cannot be precomputed (no rainbow tables): an attacker has to perform all N encryptions for every candidate password before finding out whether it is the right one.

  • Nothing prevents an attacker from simply trying every possible password and checking whether the database decrypts; what KeePass does is make each attempt expensive. With N rounds every guess costs N AES encryptions, so raising the number of key transformation rounds slows a dictionary or brute-force attack down proportionally (and slows down opening the database by the same factor). Note that the rounds add cost, not entropy: the file is only as safe as the master password, so anyone who can download it (which is the assumption behind putting it in Dropbox) is stopped only by a long, unguessable master password combined with a high round count.
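The derivation described above, as an added example that is not part of the original page and not KeePassX's own code: the password is hashed with SHA-256, pushed through N rounds of AES-256 (ECB, both 16-byte halves) keyed with a per-database transform seed, hashed again, and finally hashed together with a master seed to give the cipher key. Both seeds are constructed here; in a real file they sit in the header in the clear. Details of the actual format (key files, the second SHA-256 that KDBX adds, exact seed sizes) are simplified, and the `dictionaryAttack` and `calibrateRounds` helpers are assumptions added to show what an attacker who has the file must pay per guess and how KeePass picks N for a "1 second delay".

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/sha256"
	"fmt"
	"time"
)

// Per-database random values. In a real .kdb file both are stored in the
// header unencrypted; the values below are constructed for this example.
var (
	transformSeed = sha256.Sum256([]byte("example transform seed (constructed)"))
	masterSeed    = sha256.Sum256([]byte("example master seed (constructed)"))
)

// deriveKey follows the description in the text. It is illustrative code,
// not KeePassX's implementation: SHA-256 the password, run the result
// through N rounds of AES-256 under the transform seed, SHA-256 it again,
// then hash it with the master seed to get the 256-bit cipher key.
func deriveKey(password []byte, rounds uint64) [32]byte {
	key := sha256.Sum256(password)

	block, err := aes.NewCipher(transformSeed[:]) // 32-byte key -> AES-256
	if err != nil {
		panic(err)
	}
	// "Key transformation rounds": each round encrypts both halves in place.
	for i := uint64(0); i < rounds; i++ {
		block.Encrypt(key[:16], key[:16])
		block.Encrypt(key[16:], key[16:])
	}
	key = sha256.Sum256(key[:])

	h := sha256.New()
	h.Write(masterSeed[:])
	h.Write(key[:])
	var final [32]byte
	copy(final[:], h.Sum(nil))
	return final
}

// dictionaryAttack is what someone who obtained the file (from a shared
// Dropbox folder, say) has to do: rerun the full transformation per guess.
// Nothing can be precomputed because the seeds are chosen per database.
// It returns the matching guess, the number of guesses made, and success.
func dictionaryAttack(target [32]byte, rounds uint64, wordlist []string) (string, int, bool) {
	for i, guess := range wordlist {
		k := deriveKey([]byte(guess), rounds)
		if bytes.Equal(k[:], target[:]) {
			return guess, i + 1, true
		}
	}
	return "", len(wordlist), false
}

// calibrateRounds picks N so that one derivation costs roughly target on
// this machine, the same idea as KeePass's "1 second delay" button.
func calibrateRounds(target time.Duration) uint64 {
	const probe = 50000
	start := time.Now()
	deriveKey([]byte("calibration"), probe)
	elapsed := time.Since(start)
	if elapsed <= 0 {
		return probe
	}
	return uint64(float64(probe) * float64(target) / float64(elapsed))
}

func main() {
	// Constructed wordlist; "hunter2" is the weak master password under attack.
	wordlist := []string{"password", "123456", "letmein", "dropbox", "hunter2", "correct horse"}
	// 6000 was the KeePass 1.x default; each step here is 100x the previous one.
	for _, rounds := range []uint64{1, 6000, 600000} {
		target := deriveKey([]byte("hunter2"), rounds)
		start := time.Now()
		guess, tries, ok := dictionaryAttack(target, rounds, wordlist)
		fmt.Printf("rounds=%-7d found=%v guess=%q after %d tries in %v\n",
			rounds, ok, guess, tries, time.Since(start))
	}
	fmt.Printf("rounds for ~1s per open on this machine: %d\n", calibrateRounds(time.Second))
}
```

Running it shows the attack time growing linearly with the round count while the weak password still falls on the fifth guess: the rounds buy time per guess, and only the master password decides how many guesses are needed.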