Tony0945 Watchman
Joined: 25 Jul 2006 Posts: 5127 Location: Illinois, USA
|
Posted: Wed Dec 26, 2018 4:21 pm Post subject: Password Safe recommendation |
|
|
I installed app-crypt/gorilla as it seemed ideal. However, I found that I can't cut and paste my existing passwords into the database although one is supposed to get them out via clipboard.
That makes transferring long randomly generated passwords difficult, if not impossible, without error.
KeepassXC sounds good but I absolutely don't want any passwords stored in "the cloud" no matter how supposedly secure.
Right now I'm using a combo of browser password storage for forums, blogs, and shopping and a plain text file in /home for banking/brokerage.
I'd like to increase my security but since my data has been lost "in the cloud" by the Experian breach, the US Postal Service employee data breach and the Citibank data breach, I have zero confidence in off site storage.
Looking for recommendations, please. |
|
|
mike155 Advocate
Joined: 17 Sep 2010 Posts: 4438 Location: Frankfurt, Germany
|
Posted: Wed Dec 26, 2018 5:05 pm Post subject: |
|
|
Quote: | KeepassXC sounds good but I absolutely don't want any passwords stored in "the cloud" no matter how supposedly secure. |
Why do you think KeePassXC stores passwords in the cloud?
I use KeePassXC every day and it stores passwords in an encrypted file on my disk. I really like KeePassXC. It's great! |
|
|
PeterF n00b
Joined: 08 Feb 2004 Posts: 8 Location: GMT-6
|
Posted: Wed Dec 26, 2018 5:09 pm Post subject: |
|
|
I haven't experienced the copy/paste issue described. Been using gorilla for a few years in a KDE environment. As I use accounts I move them from my plain text file into the database gorilla is managing. Quick test and I'm able to paste into all the fields of a new login. Not sure how to resolve for you, but wanted to share that it should be working the way you want. |
|
|
Ant P. Watchman
Joined: 18 Apr 2009 Posts: 6920
|
Posted: Wed Dec 26, 2018 5:15 pm Post subject: |
|
|
app-admin/pass and www-plugins/passff work for me. |
|
|
Tony0945 Watchman
Joined: 25 Jul 2006 Posts: 5127 Location: Illinois, USA
|
Posted: Wed Dec 26, 2018 6:14 pm Post subject: |
|
|
mike155 wrote: | Why do you think KeePassXC stores passwords in the cloud? |
My mistake, that was Lastpass. Keepass and derivatives depend on dbus. Not a fatal flaw, but one that puts it down the list as I try to keep redhat code off my machines as much as possible.
Gorilla is supposed to be drag and drop but for some reason it is not for me. I have no training in the language it's written in so I can't debug it.
I could easily write a drag and drop interface, but have no knowledge of the encryption algorithms and don't want to make a mistake with them.
Why does Keepass use dbus? That's for inter-program communication, certainly not needed for drag and drop which is X11. |
|
|
mike155 Advocate
Joined: 17 Sep 2010 Posts: 4438 Location: Frankfurt, Germany
|
Posted: Wed Dec 26, 2018 6:45 pm Post subject: |
|
|
Quote: | Why does Keepass use dbus? |
I wish we could disable the D-Bus interface of KeePassXC. Unfortunately, KeePassXC developers do NOT agree:
When will people learn that you get less security the more features or interfaces you add?
On the other hand: as long as people use KeePassXC in X11 mode (instead of Wayland mode), we don't have to worry about security bugs in the D-Bus interface... |
|
|
Tony0945 Watchman
Joined: 25 Jul 2006 Posts: 5127 Location: Illinois, USA
|
Posted: Wed Dec 26, 2018 7:08 pm Post subject: |
|
|
mike155 wrote: | Quote: | Why does Keepass use dbus? |
I wish we could disable the D-Bus interface of KeePassXC. Unfortunately, KeePassXC developers do NOT agree:
When will people learn that you get less security the more features or interfaces you add?
On the other hand: as long as people use KeePassXC in X11 mode (instead of Wayland mode), we don't have to worry about security bugs in the D-Bus interface... |
Wow! That thread reveals an attitude by the developers that really puts me off. Also do not want browser integration. My browsers (firefox and palemoon) already store passwords. Don't feel that's secure. |
|
|
pjp Administrator
Joined: 16 Apr 2002 Posts: 20067
|
Posted: Wed Dec 26, 2018 8:55 pm Post subject: |
|
|
app-admin/passwordsafe
I've been using it since long before most cloudy options were created (or certainly before I was aware of them). _________________ Quis separabit? Quo animo? |
|
|
AJM Apprentice
Joined: 25 Sep 2002 Posts: 189 Location: Aberdeen, Scotland
|
Posted: Wed Dec 26, 2018 9:43 pm Post subject: |
|
|
Another vote for app-admin/pass. I've only started using it fairly recently but I like it because
- It runs in a console so I can easily access my passwords from anywhere via ssh
- It's basically a small shell script around gpg (and optionally, git), no homebrew encryption
- No reliance on third parties, i.e. cloud
- Minimal dependencies
|
|
|
Tony0945 Watchman
Joined: 25 Jul 2006 Posts: 5127 Location: Illinois, USA
|
Posted: Wed Dec 26, 2018 10:01 pm Post subject: |
|
|
pjp wrote: | app-admin/passwordsafe |
Looks like a wxGTK version of Gorilla. That's good. I have a chance to debug it if there's a problem and have a chance to port it to windows with wxMSW. |
|
|
pjp Administrator
Joined: 16 Apr 2002 Posts: 20067
|
Posted: Wed Dec 26, 2018 10:44 pm Post subject: |
|
|
Tony0945 wrote: | and have a chance to port it to windows | There is already a Windows version (I think that's where it started). _________________ Quis separabit? Quo animo? |
|
|
Tony0945 Watchman
Joined: 25 Jul 2006 Posts: 5127 Location: Illinois, USA
|
Posted: Wed Dec 26, 2018 11:21 pm Post subject: |
|
|
pjp wrote: | Tony0945 wrote: | and have a chance to port it to windows | There is already a Windows version (I think that's where it started). |
The Web site says it only supports Win 7 and up. |
|
|
pjp Administrator
Joined: 16 Apr 2002 Posts: 20067
|
Posted: Thu Dec 27, 2018 4:34 am Post subject: |
|
|
Does Microsoft support 7?
They have "older versions" of 64-bit, 32-bit and XP (available after going to the download page). _________________ Quis separabit? Quo animo? |
|
|
Tony0945 Watchman
Joined: 25 Jul 2006 Posts: 5127 Location: Illinois, USA
|
Posted: Thu Dec 27, 2018 3:37 pm Post subject: |
|
|
pjp wrote: | Does Microsoft support 7? |
Who cares? I haven't downloaded their "fixes" in years. Not since one screwed up my computer so bad I had to wipe the disk and re-install.
How many years has it been since they released XP? How many bug fixes and now they say it's hopeless? Get on the win 10 train and let us rummage around your files and delete what we think is illegal or malware? No thanks. XP had a nice clean interface and I'm keeping it.
It's dangerous to go on the web? True, but a lot depends on what you do. Is accessing this forum dangerous? Is logging in to my bank dangerous?
Microsoft's development process involves thousands of programmers working in isolation so that only a few know how it fits together. That's a recipe for unending bugs. The bug fixers introduce new bugs because they don't know how their changes affect other code. No thanks.
I'd drop the whole thing if there still weren't two programs that I use almost daily. Yes, there are similar Linux programs, but I don't like them as well. Oh, and I have an old old image manipulation program, Vueprint, that I love. Gimp could do it all and more but I hate gimp. It's too big and complex.
Vuescan also works better than hpscan on Linux. Surely there is no risk in scanning a document into a pdf without ever going near the internet.
pjp wrote: |
They have "older versions" of 64-bit, 32-bit and XP (available after going to the download page). |
Good to know, although I'd prefer to recompile from code (I am addicted to Gentoo). It's even possible that the newer version runs just fine on XP. Many developers automatically dropped XP from their lists for the reason you cite. I was talking to a support person for one who recommended upgrading to v5 of their program. I had originally bought v3 and paid for an upgrade to v4 when it came out. I told him I would but it requires Win7+. He hesitated and told me, "We don't advertise it but it runs on XP too." I bought v5 and sure enough, it does run fine. |
|
|
Jaglover Watchman
Joined: 29 May 2005 Posts: 8291 Location: Saint Amant, Acadiana
|
|
|
Ant P. Watchman
Joined: 18 Apr 2009 Posts: 6920
|
Posted: Fri Dec 28, 2018 4:06 am Post subject: |
|
|
Tony0945 wrote: | It's dangerous to go on the web? True, but a lot depends on what you do. Is accessing this forum dangerous? Is logging in to my bank dangerous? |
It might be if you use an OS vulnerable to DNS spoofing (no DNSSEC) and SSL spoofing (system certificates from crooked vendors like Symantec)… |
|
|
Tony0945 Watchman
Joined: 25 Jul 2006 Posts: 5127 Location: Illinois, USA
|
Posted: Fri Dec 28, 2018 2:50 pm Post subject: |
|
|
Ant P. wrote: | Tony0945 wrote: | It's dangerous to go on the web? True, but a lot depends on what you do. Is accessing this forum dangerous? Is logging in to my bank dangerous? |
It might be if you use an OS vulnerable to DNS spoofing (no DNSSEC) and SSL spoofing (system certificates from crooked vendors like Symantec)… |
I'm sure you know more about it than I, but aren't those browser functions rather than OS functions?
BTW, the only time my credit card data was stolen by a website was recently under Gentoo. |
|
|
Jaglover Watchman
Joined: 29 May 2005 Posts: 8291 Location: Saint Amant, Acadiana
|
|
|
Ant P. Watchman
Joined: 18 Apr 2009 Posts: 6920
|
Posted: Fri Dec 28, 2018 9:20 pm Post subject: |
|
|
The browser traditionally uses the system trust store and/or TLS libraries on Windows because enterprise people demanded to have one place to configure MITM stuff for their deep packet inspection firewalls. That's no longer tradition due to the various symantec/comodo/startcom/cnnic forgery scandals, hardware drivers installing CA roots with leaked private keys, and all the SSL weaknesses revealed in the past few years.
It'll be a good idea to test your browser to see how it's affected by this: https://www.ssllabs.com/ssltest/viewMyClient.html |
|
|
Tony0945 Watchman
Joined: 25 Jul 2006 Posts: 5127 Location: Illinois, USA
|
Posted: Fri Dec 28, 2018 11:35 pm Post subject: |
|
|
Ant P. wrote: | The browser traditionally uses the system trust store and/or TLS libraries on Windows because enterprise people demanded to have one place to configure MITM stuff for their deep packet inspection firewalls. That's no longer tradition due to the various symantec/comodo/startcom/cnnic forgery scandals, hardware drivers installing CA roots with leaked private keys, and all the SSL weaknesses revealed in the past few years.
It'll be a good idea to test your browser to see how it's affected by this: https://www.ssllabs.com/ssltest/viewMyClient.html |
Thanks for the link. Browser passed pretty good. Not quite as good as on Linux where the version is 28.2.2, XP version is 27.9.4 because I'm having trouble porting 28.2.2. It's not available as a binary download because "Microsoft no longer supports XP". So I should "upgrade" (downgrade it looks like to me) to crappy Win 7 or hideous Win 8 or spyware Win 10? I think not.
Anyway, I don't want to sidetrack this thread.
I did find out why Gorilla was not acting right when portage tried to upgrade virtualbox. They are using incompatible versions of tk or tcl, I forget which. |
|
|
Ant P. Watchman
Joined: 18 Apr 2009 Posts: 6920
|
Posted: Sat Dec 29, 2018 6:00 am Post subject: |
|
|
If you want old Windows but also security fixes, maybe ReactOS would be worth a try? |
|