I use KeepassDX on family mobiles with Syncthing for copies between laptop and phones. What would i gain moving to Vaultwarden, knowing that i would never open my network to the outside world? It would be easier to manage for sure, as im having to setup phones and laotops myself in the family and worry that they do silly things like turn off syncthing. But what about offline access to passwords? Does Bitwarden mobile client keep a local copy of database until it can sync?
tl;dr: yes, credentials are cached locally. https://github.com/dani-garcia/vaultwarden/discussions/4676
The major downside to the single file storage used by Keepass is that it’s easy to accidentally create a conflict between files on different devices if they’re not synced immediately. Conflicting files have to be merged manually or data might be lost. I’ve run into this several times with Keepass + Nextcloud. In comparison, a central master database with local cache can resolve conflicts between individual records.
Technically KeePass can “merge” and has some sort of conflict resolution, but you’re right that forgotten and unaddressed conflicts can lay around for unlimited time without you noticing. It’s the main problem with keepass + syncthing.
That is another problem i face when i have the app open on desktop and phone at the same time. Its a nightmare.
Doesn’t it only lead to problems if you change the same exact data on both copies to different values? It literally never happened to me, I never had a merge problem. It always just asks me to merge, I say yes, and that’s it.
Oh wait I use KeepassXC not DX, dunno what the difference is
The problem is that syncing between devices is not implemented in KeePass itself but through an external tool (Nextcloud, Syncthing, or whatever else). The sync client will only see the ciphertext and won’t be able to tell which records have been changed, only that two different binary files have a common ancestor and are in conflict.
The most obvious solution is to lock and close the database when it’s not in use (which is a good practice from a security perspective too), and to sync immediately when it is changed.
Idk what to tell you, but to me the merging is definitely implemented inside keepass itself, Keepass asks me if I want to merge the external changes and does so well.
KeepassXC is password manager for desktop computers and KeepassDX is application for Android phones.
Ah, for Android I use Keepass2Android which also seems to handle external changes perfectly.
On the other hand, Vaultwarden can only be updated online. While I do use it, I consider it a major downside, along with the inability to sync attachments.
Do you worry about the sus new maintainer for syncthing-fork on android?
If you do don’t trust em then don’t update syncthing - it’ll work for quite a while I assume.
And in addition the keepass safe default encryption of AES-256 and is even secure against theoretically existing quantum computer attacks to our current knowledge. It is designed to be not trusted by the storage owner :)
The other maintainer, nel0x (who does the Play Store releases), has started distributing a degoogled version of their own. nel0x is arguably more trustworthy.
Why do you want to ditch KeePass? I use it with Syncthing between at least six different devices without an issue.
I too use Keepass2android offline, never had a sync issue though recently I inexplicably encountered an issue where the keyfile couldnt be found or had become corrupted on mobile. This may have been a phone thing rather than a Keypass thing as I never had such issue in many years of use. Luckily I had the forethought to keep an encrypted backup so I was back up & running quickly.
If I remember Keepass allows pdf attachments without restriction which is excellent for vehicle insurance, breakdown cover etc as its good to have these available offline anytime “just in case”. I think this feature is restricted in Bitwarden (though maybe not Vaultwarden).
I do basically the same thing, haven’t found a better solution
And, i can’t find clients on f-droid. Any variants recomended that dont come from the playstore.
Another key feature will be Keepass data import.
