Re: [Lista Criptica] Just another password manager

Supprimer ce message

Répondre à ce message
Auteur: kakak
Date:  
À: list_criptica
Sujet: Re: [Lista Criptica] Just another password manager
M... But the hard-drive encryption only protect your data if the drive
is encrypted, so, in most of cases, when the OS is down and computer
unpowered.

If what you mean is to use a secure strong ecrypted volume to store the
amounts of passwords, that is what do for you keepass, for example.

The advantage for me in this case, is that keepass has the process
memory protection[1]:

* Process Memory Protection: Your passwords are encrypted while KeePass
is running, so even when the operating system dumps the KeePass process
to disk, your passwords aren't revealed.

And this is a definitively advantage. Is keepass a potentially backdoor?

There are another way to store your password data and use some kind if
"process memory protection": use a simple text editor, with a plugin
that every-time that stores something, use gpg2 integration to store the
content using symmetric or asymmetric enc. In this way, also, the data
are never stored decrypted[2]

[1]http://keepass.info/features.html#lnksec

[2] Using Gedit, with symmetric enc:

edit > preferences > complements > enable external tools
tools > manage external tools

Create new external tool, where input are the actual selection and
output replace actual selection. Also configure your preferred shortcut

For enc:
#!/bin/bash
stdin=$(cat)

if [ ! "${stdin:0:27}" == "-----BEGIN PGP MESSAGE-----"  ]; then
    echo "$stdin" | gpg2 --cipher-algo AES256 -c -a  --no-tty
--use-agent - 2> /dev/null
else
    echo "$stdin"
fi


For dec:
#!/bin/bash
stdin=$(cat)

if [ "${stdin:0:27}" == "-----BEGIN PGP MESSAGE-----"  ]; then
    echo "$stdin" | gpg2 --cipher-algo AES256 -d -a --no-tty --use-agent
- 2> /dev/null
else
    echo "$stdin"
fi



Alex Antener:
> What is the advantage using a *potentially* insecure passphrase wallet,
> if a user already uses a harddrive ecryption with a *strong* crypto. -
> Isn't this just potentially opening backdoors for a box that is
> perfectly fine *without*?!?
>
> :-P Lix
>
>
>
> _______________________________________________
> list_criptica mailing list
> list_criptica@???
> Lista de correo de debate de Criptica
>


--
9556 5A6B 0ADD FDC7 7C37 B732 FB9A 2BCD F455 4748
BM-2cWhSvqrLh532oqFZstdiCfDdFyw6wTCtG
ricochet:jqocmaztozbaya5r

Fin de la cita.