Wednesday, October 11, 2006

How To Safely Store And Manage Passwords Part III

Back in February 2006, I described what I'd done for password security using KeePass in this post.

Since then, I've made a couple of more improvements. First, it was a hassle carrying around the 128MB Hagiwara USB key. It had too little storage to use for everything so I ended up with it being a second USB key in my pocket. I copied the KeePass directory over to my 512MB USB key and created a _KeePass.bat file in the root directory to run KeePass. This has been working fine.

In the last post, I mentioned that I was using a plugin to backup the database. DB Backup is the one I'm using. DB Backup lets you specify a place to put the backup copy of the database and how many copies to keep. It also lets you run a program AFTER the backup which is key as you'll see in a minute.

However, unless you put the backup copy back on the USB key, you have to write it to the PC's hard drive, e.g. c:\. This isn't a big deal since the database is strongly encrypted but it's messy in that you leave files scattered around and if you lose your USB key and have to go back to the backup you have to think a little to figure out where you backed up last.

I wanted to ftp the backup file up to my web site. I tried some things that didn't work and finally e-mailed the author. He replied promptly but said noone else had done this and offered a couple of suggestions.

I played with this and I've figured it out.

It takes 2 files in the directory where keepass.exe runs from. Here are the 2 files. Comments/explanations are in <>s. Remove them from the actual files.


<begin file>
ftp.exe -s:keepassftp.txt <this is references the second file>
del c:\Backup_of_Database.kdb-0 <this is optional>
<end file>


<begin file>
open <name of the ftp host>
uuuuuuuu <user-id for ftp>
pppppppp <password for ftp>
type binary
cd httpdocs <directory to put the backup file in - for second level directory, repeat on separate line>
delete Backup_of_Database.kdb-3
rename Backup_of_Database.kdb-2 Backup_of_Database.kdb-3
rename Backup_of_Database.kdb-1 Backup_of_Database.kdb-2
rename Backup_of_Database.kdb-0 Backup_of_Database.kdb-1
put c:\Backup_of_Database.kdb-0 Backup_of_Database.kdb-0
<end file>

Then in KeePass, go to Tools/DB Backup plugin/Set Backup Destinations. In "Destinations" put "c:\" (without the quotes) and click "Add." Then check "Additional program to be launched..." and put "keepassftp.bat" (without the quotes) in the input field. I also check "Show Window."

Note that this puts the ftp user-id and password in clear text in the directory where keepass.exe runs from. However, the backup of the database is strongly encrypted.

No comments: