Looking at keepassXC doc I couldn’t find such setup. Maybe it’s possible, but maybe it also leads to trouble down the road. The “official way” seems to use cloud storage.
You keep saying external server for syncthing, but again: syncthing does direct data transfers, encrypted end to end, between devices.
I mention that but with a specific context.
- people with certain ISPs will need to use the relay transfer feature because direct connections can’t be established. Similarly, if you work in an office and you use the corporate network, you usually can’t have device-to-device working (can be both from a technical POV and from a policy POV).
- even with 0 data transfers, servers still have some trust in establishing your direct connections. I know that syncthing uses keys to establish connections, but that’s why I mentioned CVEs. If there is one, your sync connection could be hijacked and sent elsewhere. It’s a theoretical case, I don’t think it’s very likely, but it’s possible. The moment you have a server doing anything, you are extending trust.
In those cases then yes, you are extending a bare minimum trust, and you fully encrypted data would temporarily pass on the relay’s RAM
And from my (consumer) PoV this is functionally equivalent to have the data stored on a server. It might not be all the data (at once), it might be that nobody dumps the memory, but I still need to assume that the encrypted data can be disclosed. Exactly the same assumption that should be made if you use bitwarden server.
If this makes you paranoid
Personally it doesn’t. As I said earlier, it’s way more likely that your entire vault can be taken away by compromising your end device, than a sophisticated attack that captures encrypted data. Even in this case, these tools are built to resist to that exact risk, so I am not really worried. However, if someone is worried about this in the case of bitwarden (there is a server, hence your data can be disclosed), then they should be worried also of these corner cases.
I just get nothing from Bitwarden that syncthing and KeePass don’t offer more easily.
You can say many things, but that keepass + syncthing is easier is not one of them. It’s a bespoke configuration that needs to be repeated for each device, involving two tools. bitwarden (especially if you use the managed service) works out of the box, for all your devices with 0 setup + offers all features that keepass doesn’t have (I mentioned a few, maybe you don’t need them, but they exist).
I don’t know how or why you would have vault conflicts, but it really does sound like something fixable
At the time I did not use syncthing, I just used Drive (2014-2017 I think), and it was extremely annoying. The thing is, I don’t want to think about how to sync my password across devices, and since I moved to bitwarden I don’t have to. This way I don’t need to think about it, and also my whole family doesn’t have to. Win-win.
That said, if you are happy with your setup, more power to you. I like keepass, I love syncthing, I have nothing against either of them. I just came here to say that sometimes people overblow the risk of a server when it comes to a password manager. Good, audited code + good crypto standards means that the added risk is mininal. If you get convenience/features, it’s a win.
1 in russian is один, I think it’s quite different from one/uno/un (especially since the о is pronounced а). 2 and 3 are instead extremely similar (два три). Does it actually still come from the same root?
While not being competent in this subject, I found it very fascinatinf that ugro-finnic languages (which are not indoeuropean AFAIK) like Finnish or Estonian are so wildly different, so that 1 2 and 3 are üks, kaks, kolm (in Estonian), for example.