Sensitive Data
This page pertains to:
- KeePass database files
- Keyfiles
To find out how Tusk handles your master password, read Credential Cache Memory.
A KeePass database file is an ordinary file, much like a Word document or an MP3, that you can keep on your hard drive, carry on a USB drive, or keep in cloud storage such as Dropbox or Google Drive.
The file is encrypted with a key derived from your master password and keyfile.
If the database is kept in cloud storage, it is fetched from that provider almost every time you unlock it. That means every time you open the Tusk popup menu, a request is made on your behalf to your cloud storage provider asking for this encrypted file.
For up to two minutes after the file is decrypted, its data can be kept in memory in the Background page for faster retrieval. For example, if you open Tusk to copy a password and 30 seconds later open Tusk again, there is a high probability that the information you see came from a cache of your data. Every two (2) minutes, an alarm in the Background page goes off and this in-memory cache is cleared.
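As an added illustration (not Tusk's own code), the following JavaScript models the cache behaviour described above: decrypted data is served from memory inside a two-minute window, refetched afterwards, and wiped when the periodic alarm fires. The class and function names, the injected clock, and the simulated fetch are assumptions made for this example.

```javascript
// Constructed model of a time-bounded credential cache (not Tusk's implementation).
const CACHE_TTL_MS = 2 * 60 * 1000; // the two-minute window described above

class CredentialCache {
  constructor(now = () => Date.now()) {
    this.now = now;          // injected clock so expiry can be driven deterministically
    this.entries = null;     // decrypted data held as Uint8Array so it can be zeroed
    this.decryptedAt = null;
    this.fetches = 0;        // trips to the (simulated) cloud provider
  }

  // Simulated fetch + decrypt. In real usage this is a request to the storage
  // provider followed by database decryption; here it returns a constructed fixture.
  fetchAndDecrypt() {
    this.fetches += 1;
    return new TextEncoder().encode("user:alice pass:constructed-sample");
  }

  getEntries() {
    if (this.entries !== null && this.now() - this.decryptedAt < CACHE_TTL_MS) {
      return { data: this.entries, fromCache: true };   // served from memory
    }
    this.clear();
    this.entries = this.fetchAndDecrypt();
    this.decryptedAt = this.now();
    return { data: this.entries, fromCache: false };    // fetched again
  }

  // Called by the periodic alarm: overwrite the buffer before dropping the
  // reference so plaintext does not linger until the garbage collector runs.
  clear() {
    if (this.entries !== null) this.entries.fill(0);
    this.entries = null;
    this.decryptedAt = null;
  }
}

// Drive the scenario from the text: open, reopen 30 s later, alarm fires, reopen.
function simulate() {
  let t = 0;
  const cache = new CredentialCache(() => t);
  const first = cache.getEntries().fromCache;   // false: fetched from provider
  t += 30 * 1000;
  const second = cache.getEntries().fromCache;  // true: answered from the cache
  cache.clear();                                // alarm clears the cache
  const third = cache.getEntries().fromCache;   // false: fetched again
  return { first, second, third, fetches: cache.fetches };
}
```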
Your encrypted password file is kept in Tusk's local storage. Local storage exists on disk in the directory where your other browser data lives. Due to limitations in the local storage API, the only way to properly remove a KeePass database file from Tusk's disk space is to perform a factory reset under the Advanced Settings tab.
This database will not automatically update. It freezes a copy at the time you upload it to Tusk, and in order to update your password file, you must upload it again.
If you use a keyfile, you must import it into Tusk. Tusk does not access your computer's filesystem for privacy and security reasons. Direct filesystem access is also unsupported on Firefox.
When you import your keyfile, a copy is made and kept in local storage. It does not update if you modify your keyfile on disk. This keyfile is never transmitted over the network. You can re-import your keyfile at any time under Settings -> Manage Keyfiles.
I'll quote the KeePass official documentation:
The key file content (i.e. the key data contained within the key file) needs to be kept secret. The point is not to keep the location of the key file secret - selecting a file out of thousands existing on your hard disk basically doesn't increase security at all, because it's very easy for malware/attackers to find out the correct file (for example by observing the last access times of files, the recently used files list of Windows, malware scanner logs, etc.). Trying to keep the key file location secret is security by obscurity, i.e. not really effective.
Importing your keyfile into Tusk is generally not a security concern. An attacker with physical access to your machine could just as easily pull your key material from the normal file system as they could from browser localStorage.
Note: if you keep your keyfile on a USB drive or other removable media, you should know that Tusk creates a new copy of this keyfile within its own storage space. If you don't want a copy of your keyfile on the computer where you use Tusk, you should not use Tusk.