Hello, Dear admins and Linux users!

Here is one article in russian, how to do self made token. You can google translate it.
https://we.easyelectronics.ru/STM32/...mi-rukami.html

I'm interesting to do token from UBB flash for OS Linux/Windows/Android using USB 2.0 + usb type C flash, without soldering.

Flash must be encrypting, can be open by programs installed on Linux/Windows/Android device and as key holder must be KeePass database inside encrypting in 3 or 2 copies, and KeePass is cross platform tool, instated on Linux/Windows/Android device or moving inside encrypting flash volume as portable soft.

1. Any suggestions about how to do such token from USB Flash?
2. How to encrypt usb volume to be opened under Linux/Windows/Android.
3. Is KeePass good enough to not be cracked? I have been used it since 2008-2009.

Token?

Yee... just like token - not the same. Hardware storage for passwords, not in clouds and without server.

Oh, a SECURITY token. The only one I have carried was RSA and had processing inside. Making your own would seem much less than secure.

Now I use KeePass on 4 computers with windows, 2 computers with Linux and 1 Android phone. The database in each case is on HDD/SSD of the equipment in 2 copies each, in my user directory. But somebody can steal database file and try password brute force hacking.

Im thinking stay KeePass database in encrypted flash.


If buy so proprietary Security token with its own microprogram , which will be good in security and price?

I am not sure, as I am not in the market and have not done that research. Having your passwords available on another portable device (that is more likely to fail) does not seem to me a more secure option!

Yes, I agree - flash can be lost or destroyed, or simply fail.

Is it better to do virtual HDD encrypted volume by TrueCrypt (It was not updated from 2012 as I can remember), that can consist KeePass database inside?

keepass data is already encrypted, and the highest level is crazy hard to crack.

The real question is "what are you doing that requires that level of encryption?", followed by "what is the threat that would attack using decryption tools rather than moving on to an easier target?"!

Rather than opting for more or stronger encryption of passwords, I would opt for something that adds security beyond the passwords level. Some kind of 2FA or authenticator based solution (or both).

keepass has a feature to use a key file to open the database (that means it will ask for a password and will also check the key file). So you cannot do anything with that database without this key file, you can freely send the database to anywhere on the net. Just you need to take care of your key file and also you need to have a strong password.
(nobody can even identify both your database and key file, without help).

1 members found this post helpful.

It’s handy to keep the password database file in your pocket. Since it is an ordinary file, simply keep a backup copy of it “somewhere else.”