Keepass and a dead SSD

[balloonshark]

My Samsung 840 SDD died on me recently. It is still under warranty. When the SSD died I believe I had keepass open at the time. My keepass database does contain financial usernames and passwords along with password questions and answers and any other relative info used when creating my accounts.

What I want to know is if it safe to send in for a warranty replacement? I don't have keepass to setup to start with Windows if they can get it to boot. I start it manually and enter the password. The password is 12 to 18 characters long with upper and lowercase, number and special characters. It uses a few common words though.

Has there been any cases where Samsung or its employes failed to wipe a drive before refurbing, stolen data or lost a drive? This is my first SSD so this is new territory for me.

 

[lxskllr]

When open, the unencrypted database should only exist in ram. IOW, the only thing /possibly/ available to Samsung is encrypted. Dunno how they handle returns, but the liklihood of them, or anyone in the future getting your stuff is very small, but probably not zero.

What would *I* do? I'd send the drive back for rma, and take my chances. You're more likely to get hit by lightning on the way to the shipper than you are having your encrypted data retrieved.

 

[silicon]

My Samsung 840 SDD died on me recently. It is still under warranty. When the SSD died I believe I had keepass open at the time. My keepass database does contain financial usernames and passwords along with password questions and answers and any other relative info used when creating my accounts.

What I want to know is if it safe to send in for a warranty replacement? I don't have keepass to setup to start with Windows if they can get it to boot. I start it manually and enter the password. The password is 12 to 18 characters long with upper and lowercase, number and special characters. It uses a few common words though.

Has there been any cases where Samsung or its employes failed to wipe a drive before refurbing, stolen data or lost a drive? This is my first SSD so this is new territory for me.

if this is a risk for you financially then take a hammer to the driver and just buy a new one. The cost of these drives is peanuts compared to a potential loss you may encounter. On the other hand maybe nothing is at risk.

 

[balloonshark]

Thanks for your reply lxskllr. I didn't know about the unencrypted data being only in RAM. That's very reassuring knowledge.

I also understand what you're saying silicone. I really don't have much to lose. I'm more worried about someone stealing my id and buying a house, car boat, etc.

I'll probably go ahead and send it in as I gave my bottom rig to a family member. They could use the SSD for faster booting and starting a sandboxed firefox session.

In all honesty it's probably past due for me to change passwords and security questions.

 

[rgallant]

is this a plus for raid 0 ?
one drive would have no readable data I think.

 

[masteryoda34]

You are safe. Keepass doesn't store any non-encrypted information to disk.

http://keepass.info/help/base/security.html#secmemprot

 

[mikeymikec]

Thanks for your reply lxskllr. I didn't know about the unencrypted data being only in RAM. That's very reassuring knowledge.

Please note his use of the word "should".

As for masteryoda34's post, quoting from Keepass directly, I would be a lot more confident of their claim (Keepass's) if it was verified by a reputable source. Didn't Dropbox make a similar claim about the security/encryption of their implementation a while ago then back-pedalled?

 

[lxskllr]

Please note his use of the word "should".

As for masteryoda34's post, quoting from Keepass directly, I would be a lot more confident of their claim (Keepass's) if it was verified by a reputable source. Didn't Dropbox make a similar claim about the security/encryption of their implementation a while ago then back-pedalled?

The sources can be checked in the case of KeePass. I don't know if it's ever had a full professional audit, but it's one of the most popular managers, and has had a lot of people looking at the code over the years.

I wrote "should" as a weasel word to take care of the possibility of a coding blunder, but if it works as everyone expects, no unencrypted data is written to disk. With Dropbox, you're at the mercy of a single commercial entity that can only be checked by probing from the outside. Commercial entities have a vested interest, and will lie if they think they won't get caught.

 

[John Connor]

You did backup the data base?

 

[balloonshark]

You did backup the data base?

Yes plus I have them wrote down. Unfortunately I was lazy with my browser and lost of years worth of bookmarks .

 

[mikeymikec]

Yes plus I have them wrote down. Unfortunately I was lazy with my browser and lost of years worth of bookmarks .

I store my Firefox profile in my Documents folder, so when I back up the latter, all my FF stuff is backed up at the same time.

 

[balloonshark]

I store my Firefox profile in my Documents folder, so when I back up the latter, all my FF stuff is backed up at the same time.

Not a bad idea. I really don't know why I didn't have a more recent backup. Perhaps I copied it to my download folder on C: instead of my hdd. If I have a more recent copy I sure can't find it

I would just use the sync feature but I don't like the idea of my stuff stored "in the cloud" for anyone to rummage through.

 

[mikeymikec]

I would just use the sync feature but I don't like the idea of my stuff stored "in the cloud" for anyone to rummage through.

Ditto. The only way I might consider using cloud storage would if if I could rotate encryption key usage so that someone can't just brute force it at their leisure without me having any idea that an attempt has been made.

 

[ArisVer]

I copy my bookmarks in my documents too, and I keep a copy in Dropbox updated monthly.