Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Password Safe recommendation
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
Tony0945
Advocate
Advocate


Joined: 25 Jul 2006
Posts: 2954
Location: Illinois, USA

PostPosted: Wed Dec 26, 2018 4:21 pm    Post subject: Password Safe recommendation Reply with quote

I installed apt-crypt/gorilla as it seemed ideal. However, I found that I can't cut and paste my existing passwords into the database although one is supposed to get them out via clipboard.
That makes transferring long random generated passwords difficult if not impossible to transfer without error.

KeepassXC sounds good but I absolutely don't want any passwords stored in "the cloud" no matter how supposedly secure.
Right now I'm using a combo of browser password storage for forums, blogs, and shopping and a plain text file in /home for banking/brokerage.
I'd like to increase my security but since my data has been lost "in the cloud" by the Experian breach, the US Postal Service employee data breach and the Citbank data breach, I have zero confidence in off site storage.

Looking for recommendations, please.
Back to top
View user's profile Send private message
mike155
Veteran
Veteran


Joined: 17 Sep 2010
Posts: 1072
Location: Frankfurt, Germany

PostPosted: Wed Dec 26, 2018 5:05 pm    Post subject: Reply with quote

Quote:
KeepassXC sounds good but I absolutely don't want any passwords stored in "the cloud" no matter how supposedly secure.

Why do you think KeePassXC stores passwords in the cloud?

I use KeePassXC every day and it stores passwords in an encrypted file on my disk. I really like KeePassXC. It's great!
Back to top
View user's profile Send private message
PeterF
n00b
n00b


Joined: 08 Feb 2004
Posts: 8
Location: GMT-6

PostPosted: Wed Dec 26, 2018 5:09 pm    Post subject: Reply with quote

I haven't experienced the copy/paste issue described. Been using gorilla for few years in a KDE environment. As I use accounts I move them from my plain text file into database gorilla is managing. Quick test and I'm able to paste into all the fields of a new login. Not sure how to resolve for you, but wanted to share that it should be working way you want.
Back to top
View user's profile Send private message
Ant P.
Watchman
Watchman


Joined: 18 Apr 2009
Posts: 5646

PostPosted: Wed Dec 26, 2018 5:15 pm    Post subject: Reply with quote

app-admin/pass and www-plugins/passff works for me.
Back to top
View user's profile Send private message
Tony0945
Advocate
Advocate


Joined: 25 Jul 2006
Posts: 2954
Location: Illinois, USA

PostPosted: Wed Dec 26, 2018 6:14 pm    Post subject: Reply with quote

mike155 wrote:
Why do you think KeePassXC stores passwords in the cloud?

My mistake, that was Lastpass. Keepass and derivatives depend on dbus. Not a fatal flaw, but one that puts it down the list as I try to keep redhat code off my machines as much as possible.

Gorilla is supposed to be drag and drop but for some reason it is not for me. I have no training in the language it's written in so I can't debug it.
I could easily write a drag and drop interface, but have no knowledge of the encryption algorithms and don't want to make a mistake with them.

Why does Keepass use dbus? That's for inter-program communication, certainly not needed for drag and drop which is X11.
Back to top
View user's profile Send private message
mike155
Veteran
Veteran


Joined: 17 Sep 2010
Posts: 1072
Location: Frankfurt, Germany

PostPosted: Wed Dec 26, 2018 6:45 pm    Post subject: Reply with quote

Quote:
Why does Keepass use dbus?

I wish we could disable the D-Bus interface of KeePassXC. Unfortunately, KeePassXC developers do NOT agree:
When will people learn that you get less security the more features or interfaces you add?

On the other hand: as long as people use KeePassXC in X11 mode (instead of Wayland mode), we don't have to worry about security bugs in the D-Bus interface...
Back to top
View user's profile Send private message
Tony0945
Advocate
Advocate


Joined: 25 Jul 2006
Posts: 2954
Location: Illinois, USA

PostPosted: Wed Dec 26, 2018 7:08 pm    Post subject: Reply with quote

mike155 wrote:
Quote:
Why does Keepass use dbus?

I wish we could disable the D-Bus interface of KeePassXC. Unfortunately, KeePassXC developers do NOT agree:
When will people learn that you get less security the more features or interfaces you add?

On the other hand: as long as people use KeePassXC in X11 mode (instead of Wayland mode), we don't have to worry about security bugs in the D-Bus interface...


Wow! That thread reveals an attitude by the developers that really puts me off. Also do not want browser integration. My browsers (firefox and palemoon) already store passwords. Don't feel that's secure.
Back to top
View user's profile Send private message
pjp
Administrator
Administrator


Joined: 16 Apr 2002
Posts: 17811

PostPosted: Wed Dec 26, 2018 8:55 pm    Post subject: Reply with quote

app-admin/passwordsafe

I've been using since long before most cloudy options were created (or certainly before I was aware of them).
_________________

Believing I had supernatural powers I slammed into a brick wall.
I said hey, is this my problem? Is this my fault?
Back to top
View user's profile Send private message
AJM
Tux's lil' helper
Tux's lil' helper


Joined: 25 Sep 2002
Posts: 98
Location: Aberdeen, Scotland

PostPosted: Wed Dec 26, 2018 9:43 pm    Post subject: Reply with quote

Another vote for app-admin/pass. I've only started using it fairly recently but I like it because

  • It runs in a console so I can easily access my passwords from anywhere via ssh
  • It's basically a small shell script around gpg (and optionally, git), no homebrew encryption
  • No reliance on third parties, i.e. cloud
  • Minimal dependencies
Back to top
View user's profile Send private message
Tony0945
Advocate
Advocate


Joined: 25 Jul 2006
Posts: 2954
Location: Illinois, USA

PostPosted: Wed Dec 26, 2018 10:01 pm    Post subject: Reply with quote

pjp wrote:
app-admin/passwordsafe

Looks like a wxGTK version of Gorilla. That's good. I have a chance to debug it if there's a problem and have a chance to port it to windows with wxMSW.
Back to top
View user's profile Send private message
pjp
Administrator
Administrator


Joined: 16 Apr 2002
Posts: 17811

PostPosted: Wed Dec 26, 2018 10:44 pm    Post subject: Reply with quote

Tony0945 wrote:
and have a chance to port it to windows
There is already a Windows version (I think that's where it started).
_________________

Believing I had supernatural powers I slammed into a brick wall.
I said hey, is this my problem? Is this my fault?
Back to top
View user's profile Send private message
Tony0945
Advocate
Advocate


Joined: 25 Jul 2006
Posts: 2954
Location: Illinois, USA

PostPosted: Wed Dec 26, 2018 11:21 pm    Post subject: Reply with quote

pjp wrote:
Tony0945 wrote:
and have a chance to port it to windows
There is already a Windows version (I think that's where it started).

The Web site says it only supports Win 7 and up.
Back to top
View user's profile Send private message
pjp
Administrator
Administrator


Joined: 16 Apr 2002
Posts: 17811

PostPosted: Thu Dec 27, 2018 4:34 am    Post subject: Reply with quote

Does Microsoft support 7?

They have "older versions" of 64-bit, 32-bit and XP (available after going to the download page).
_________________

Believing I had supernatural powers I slammed into a brick wall.
I said hey, is this my problem? Is this my fault?
Back to top
View user's profile Send private message
Tony0945
Advocate
Advocate


Joined: 25 Jul 2006
Posts: 2954
Location: Illinois, USA

PostPosted: Thu Dec 27, 2018 3:37 pm    Post subject: Reply with quote

pjp wrote:
Does Microsoft support 7?

Who cares? I haven't downloaded their "fixes" in years. Not since one screwed up my computer so bad I had to wipe the disk and re-install.
How many years has it been since they released XP? How many bug fixes and now they say it's hopeless? Get on the win 10 train and let us rummage around your files and delete what we think is illegal or malware? No thanks. XP had a nice clean interface and I'm keeping it.
It's dangerous to go on the web? True, but a lot depends on what you do. Is accessing this forum dangerous? Is logging in to my bank dangerous?
Microsoft's development process involves thousands of programmers working in isolation so that only a few know how it fits together. That's a recipe for unending bugs. The bug fixers introduce new bugs because they don't know how their changes affect other code. No thanks.
I'd drop the whole thing if there still weren't two programs that I use almost daily. Yes, there are similar Linux programs, but I don't like them as well. Oh, and I have an old old image manipulation program, Vueprint, that I love. Gimp could do it all and more but I hate gimp. It's too big and complex.
Vuescan also works better than hpscan on Linux. Surely there is no risk in scanning a document into a pdf without ever going near the internet.

pjp wrote:

They have "older versions" of 64-bit, 32-bit and XP (available after going to the download page).

Good to know, although I'd prefer to recompile from code (I am addicted to Gentoo) It's even possible that the newer version runs just fine on XP. Many developers automatically dropped XP from their lists for the reason you cite. I was talking to a support person for one who recommend upgrading to v5 of their program. I had orginally bought v3 and paid for an upgrade to v4 when it came out. I told him I would but it requires Win7+. He hesitated and told me, "We don't advertise it but it runs on XP too." I bought v5 and sure enough, it does run fine.
Back to top
View user's profile Send private message
Jaglover
Watchman
Watchman


Joined: 29 May 2005
Posts: 7040
Location: Saint Amant, Acadiana

PostPosted: Thu Dec 27, 2018 3:45 pm    Post subject: Reply with quote

XP and banking? No, thanks. I live happily without Windows. I do have a Hackintosh for some tasks, though. An i3, 8 GB RAM, 500 MB drive. Cost - $99 from eBay, free shipping. Anybody can afford that.
_________________
Please learn how to denote units correctly!
Back to top
View user's profile Send private message
Ant P.
Watchman
Watchman


Joined: 18 Apr 2009
Posts: 5646

PostPosted: Fri Dec 28, 2018 4:06 am    Post subject: Reply with quote

Tony0945 wrote:
It's dangerous to go on the web? True, but a lot depends on what you do. Is accessing this forum dangerous? Is logging in to my bank dangerous?

It might be if you use an OS vulnerable to DNS spoofing (no DNSSEC) and SSL spoofing (system certificates from crooked vendors like Symantec)…
Back to top
View user's profile Send private message
Tony0945
Advocate
Advocate


Joined: 25 Jul 2006
Posts: 2954
Location: Illinois, USA

PostPosted: Fri Dec 28, 2018 2:50 pm    Post subject: Reply with quote

Ant P. wrote:
Tony0945 wrote:
It's dangerous to go on the web? True, but a lot depends on what you do. Is accessing this forum dangerous? Is logging in to my bank dangerous?

It might be if you use an OS vulnerable to DNS spoofing (no DNSSEC) and SSL spoofing (system certificates from crooked vendors like Symantec)…


I'm sure you know more about it than I, but aren't those browser functions rather than OS functions?

BTW, the only time my credit card data was stolen by a website was recently under Gentoo.
Back to top
View user's profile Send private message
Jaglover
Watchman
Watchman


Joined: 29 May 2005
Posts: 7040
Location: Saint Amant, Acadiana

PostPosted: Fri Dec 28, 2018 3:04 pm    Post subject: Reply with quote

Incompetent web site maintainers and/or phishing have nothing to do with your OS.
_________________
Please learn how to denote units correctly!
Back to top
View user's profile Send private message
Ant P.
Watchman
Watchman


Joined: 18 Apr 2009
Posts: 5646

PostPosted: Fri Dec 28, 2018 9:20 pm    Post subject: Reply with quote

The browser traditionally uses the system trust store and/or TLS libraries on Windows because enterprise people demanded to have one place to configure MITM stuff for their deep packet inspection firewalls. That's no longer tradition due to the various symantec/comodo/startcom/cnnic forgery scandals, hardware drivers installing CA roots with leaked private keys, and all the SSL weaknesses revealed in the past few years.

It'll be a good idea to test your browser to see how it's affected by this: https://www.ssllabs.com/ssltest/viewMyClient.html
Back to top
View user's profile Send private message
Tony0945
Advocate
Advocate


Joined: 25 Jul 2006
Posts: 2954
Location: Illinois, USA

PostPosted: Fri Dec 28, 2018 11:35 pm    Post subject: Reply with quote

Ant P. wrote:
The browser traditionally uses the system trust store and/or TLS libraries on Windows because enterprise people demanded to have one place to configure MITM stuff for their deep packet inspection firewalls. That's no longer tradition due to the various symantec/comodo/startcom/cnnic forgery scandals, hardware drivers installing CA roots with leaked private keys, and all the SSL weaknesses revealed in the past few years.

It'll be a good idea to test your browser to see how it's affected by this: https://www.ssllabs.com/ssltest/viewMyClient.html

Thanks for the link. Browser passed pretty good. Not quite as good as on Linux where the version is 28.2.2, XP version is 27.9.4 because I'm having trouble porting 28.2.2. It's not available as a binary down load because "Microsoft no longer supports XP". So I should "upgrade" (downgrade it looks like to me) to crappy Win 7 or hideous Win 8 or spyware Win 10? I think not.

Anyway, I don't want to sidetrack this thread.

I did find out why Gorilla was not acting right when portage tried to upgrade virtualbox. They are using incompatible versions of tk or tcl, I forget which.
Back to top
View user's profile Send private message
Ant P.
Watchman
Watchman


Joined: 18 Apr 2009
Posts: 5646

PostPosted: Sat Dec 29, 2018 6:00 am    Post subject: Reply with quote

If you want old Windows but also security fixes, maybe ReactOS would be worth a try?
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum