1 point by wps 2 hours ago | 1 comment
  • ycombinatrix 2 hours ago
    >Important to note is that every time a KDBX file is updated, no matter how small the edit was, the entire file gets rewritten.

    This seems like an implementation issue rather than a format/spec issue.

    • wps 2 hours ago
      Because KDBX is a gzipped and encrypted stream, this is actually fundamentally an issue with the spec itself. A client must re-encrypt and compress the file prior to writing because a mere append operation is not possible. SQLite solves this issue by allowing you to write with page-level granularity rather than being forced to dump the whole file for a single tiny change!
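
An added illustration of the comment above (not part of the thread, and not KeePass or SQLite code): it saves a constructed vault once as a compress-then-encrypt stream and once as fixed-size pages, applies one small edit, and measures how much of each on-disk form changes. Assumptions: a toy SHA-256 keystream stands in for the real cipher, JSON stands in for the inner format, and all function names are hypothetical.

```python
import hashlib
import json
import zlib

PAGE = 4096  # page size assumed for the paged store


def keystream_xor(key, nonce, data):
    """Toy stream cipher (SHA-256 in counter mode); a stand-in, not KDBX's cipher."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)


def save_stream(entries, key, save_no):
    """Serialize the whole vault, compress it, encrypt it under a fresh nonce."""
    plain = json.dumps(entries).encode()
    return keystream_xor(key, save_no.to_bytes(8, "big"), zlib.compress(plain))


def save_paged(entries):
    """One fixed-size page per entry, so an edit dirties only that entry's page."""
    return [json.dumps(e).encode().ljust(PAGE, b"\0") for e in entries]


def changed_bytes(a, b):
    return sum(x != y for x, y in zip(a, b)) + abs(len(a) - len(b))


def compare_one_edit(n_entries=200):
    # Constructed sample vault; titles and passwords are made up.
    entries = [{"title": f"site{i}", "password": hashlib.sha256(str(i).encode()).hexdigest()}
               for i in range(n_entries)]
    edited = [dict(e) for e in entries]
    edited[n_entries // 2]["password"] = "x" * 64  # one small edit
    key = b"k" * 32  # constructed key
    s1, s2 = save_stream(entries, key, 1), save_stream(edited, key, 2)
    p1, p2 = save_paged(entries), save_paged(edited)
    stream_fraction = changed_bytes(s1, s2) / max(len(s1), len(s2))
    dirty_pages = sum(a != b for a, b in zip(p1, p2))
    return stream_fraction, dirty_pages, len(p1)


if __name__ == "__main__":
    frac, dirty, total = compare_one_edit()
    print(f"stream: {frac:.1%} of bytes changed; paged: {dirty}/{total} pages rewritten")
```
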
      • ycombinatrix 2 hours ago
        I see, thanks. Have you considered moving to Bitwarden?
        • wps an hour ago
          Yes, actually, I have personally onboarded several people to Bitwarden! (Including manually migrating their accounts, setting passwords and passkeys, etc.) However, I dislike the centralization and lack of control. There was a paper discussed within the past couple days on HN about what a malicious Bitwarden server was capable of, despite Bitwarden's marketing. I believe Bitwarden's team responded promptly and appropriately to the research.

          Vaultwarden is a good compromise (offers the choice of SQLite or Postgres under the hood), putting you in charge of the primary server, but it is honestly overkill for a single personal user compared to a kdbx file on a WebDAV share.