[solved]Good password management tool - which one?

Archie_Enthusiasm · 2011-01-29 12:45:25

Hello guys,

I want to store my passwords in an encrypted file which I can use on different plattforms (if not existent yet, only for linux OSs.) Most of you guys know truecrypt. A truecrypt file can be used on any plattforms where truecrypt is useable. Just like this, I would like to ask you guys which tools you use for managing your passwords. For me, it should be something which can be used on different plattforms. For example (most of them are not cross-plattform), there are many tools like seahorse, pwmanager, pwsafe, keysafe, keepassx, etc...

Which tools do you guys use? Do you guys know any of the tools whose source code is already reviewed and confirmed as the most secure or "the state of the art" tool for managing passwords? It would be also nice if the crypto pass generation feature is already included in that tool.

Security matters!

Last edited by Archie_Enthusiasm (2011-02-05 20:36:39)

graysky · 2011-01-29 13:07:32

pwsafe works... state-of-the-art? Dunno.

loafer · 2011-01-29 13:28:17

There is a similar thread to this one here:

https://bbs.archlinux.org/viewtopic.php?id=104908

silvik · 2011-01-29 13:44:34

i use keepassx. it's got everything i need and more and it's crossplatform.

Archie_Enthusiasm · 2011-01-29 14:00:07

keypassx seems to have problem because of its database ans corruptions on the file (used the thread posted above). Did you experience anything like that?

firecat53 · 2011-01-29 14:59:31

I'm happy with keepassx...no corruption issues yet And you can keep the db in your dropbox and/or a flash drive for crossplatform use. Very convenient!

Scott

Archie_Enthusiasm · 2011-01-29 15:02:31

Does anybody use GNUpg? till now, I always used my RSA key to encrypt a file. are these password managers better than GNUpg encryption? I stored my passwords in a plain text file and then encrypted with GNUpg key file. Which method would you prefer?

stryder · 2011-01-29 15:23:17

I use keepassx because it is cross-platform. And I keep several copies of the database around in case of corruption, which I must add, I have not experienced. Does the job.

athelas · 2011-01-29 16:11:30

I am using keepassx, too. I am pretty happy with it and havn't experienced any problems, so far.

ozzolo · 2011-01-29 20:45:04

I use fpm2 (Figaro's Password Manager). light & fast gtk only.

ninian · 2011-01-30 00:34:59

KeePassX for me too, on both Arch and Windows.
Never really had a problem with it in several years ...

silvik · 2011-01-30 11:39:30

Archie_Enthusiasm wrote:

keypassx seems to have problem because of its database ans corruptions on the file (used the thread posted above). Did you experience anything like that?

I heard about this, but never had any problems. Maybe it was fixed at some point. You should make backups anyway

Thor@Flanders · 2011-01-30 17:06:05

Hi,

In the hope not to raise a storm, if so: sorry!
Storing passwords ON a computer is a security risk, I think. I dont even want passwords remembered for the root (no SUDO here) - if you really want security, dont store passwords on a computer encrypted or not.
I'd go for the little "black book" any time.
But, hey, these are my two cents, sorry to bother...

Wellness

Thor

whatshisname · 2011-01-30 17:47:05

A couple of years ago, I found these two scripts on the net somewhere and have been quite pleased. "apass" opens the password file for adding. It takes no parameters. "gpass" searches the file for a password. It takes the string you're looking for as a parameter.

You will be prompted for a password to open the password file in each case. "apass" will ask you to set a password when you close the file.

First "apass":

#!/bin/bash

# name: apass
# usage  "apass" - no parameters

ccdecrypt ~/.ssh/.pw1.txt.cpt
nano ~/.ssh/.pw1.txt
ccencrypt ~/.ssh/.pw1.txt

And "gpass":

#!/bin/bash

# greps encrypted password file for passwords

test -n "$1"  &&  ccat ~/.ssh/.pw1.txt.cpt | grep $1 $2 $3

I like these guys because they're lightening fast and easily portable.

I've adopted the convention of entering all searchable strings, not passwords, in lowercase but that's entirely up to you.

Of course, change the editor to whatever command line editor you prefer.

Zeist · 2011-01-30 18:44:05

I use what I find to be the most cross-platform of all: Lastpass.

Before I started using lastpass I used to use keepassx with my database in a dropbox folder. I only really switched to lastpass since the mobile integration on my n800 and Android phone is a lot better.

A few really important passwords are only in my head and muscles though... but they are only used for the most important things that would be the most damaging if they were hacked.

Last edited by Zeist (2011-01-30 18:45:42)

Archie_Enthusiasm · 2011-02-05 20:37:05

decided to go with keepassx. thanks folks!

anrxc · 2011-02-06 04:14:58

Archie_Enthusiasm wrote:

Do you guys know any of the tools whose source code is already reviewed and confirmed

You answered your own question later. It's been around for a long time and it's multiplatform:

Archie_Enthusiasm wrote:

Does anybody use GNUpg? till now, I always used my RSA key to encrypt a file.

You can also think about what would make this setup better. For me the solution was org-mode http://orgmode.org/

Since I use it for just about everything else, it's excellent for storing sensitive information as well. It should have builtin GPG encryption but I decided on another approach. Name each sensitive file like filename.org.gpg. When you open it in Emacs the GPG mode kicks in first, asks for your passphrase, then org-mode takes over while GPG mode in the background makes sure no information is leaked outside of the buffer.

RedScare · 2011-02-06 22:23:36

This is a bit of a shameless plug, but I was looking for the same thing as the OP and I programmed my own utility called rpass. It is secure, and has a small codebase so if you don't trust it you should be able to review it pretty well. As of right now it has only been tested on the linux commandline, but given the proper environment should be cross-platform.

There is a PKGBUILD/AUR package that takes care of dependencies: http://aur.archlinux.org/packages.php?ID=44788
Also, feel free to browse the GIT repository: https://github.com/rscare/rpass

Arch Linux

#1 2011-01-29 12:45:25

[solved]Good password management tool - which one?

#2 2011-01-29 13:07:32

Re: [solved]Good password management tool - which one?

#3 2011-01-29 13:28:17

Re: [solved]Good password management tool - which one?

#4 2011-01-29 13:44:34

Re: [solved]Good password management tool - which one?

#5 2011-01-29 14:00:07

Re: [solved]Good password management tool - which one?

#6 2011-01-29 14:59:31

Re: [solved]Good password management tool - which one?

#7 2011-01-29 15:02:31

Re: [solved]Good password management tool - which one?

#8 2011-01-29 15:23:17

Re: [solved]Good password management tool - which one?

#9 2011-01-29 16:11:30

Re: [solved]Good password management tool - which one?

#10 2011-01-29 20:45:04

Re: [solved]Good password management tool - which one?

#11 2011-01-30 00:34:59

Re: [solved]Good password management tool - which one?

#12 2011-01-30 11:39:30

Re: [solved]Good password management tool - which one?

#13 2011-01-30 17:06:05

Re: [solved]Good password management tool - which one?

#14 2011-01-30 17:47:05

Re: [solved]Good password management tool - which one?

#15 2011-01-30 18:44:05

Re: [solved]Good password management tool - which one?

#16 2011-02-05 20:37:05

Re: [solved]Good password management tool - which one?

#17 2011-02-06 04:14:58

Re: [solved]Good password management tool - which one?

#18 2011-02-06 22:23:36

Re: [solved]Good password management tool - which one?

Board footer