Re: [Lista Criptica] Just another password manager

このメッセージを削除

このメッセージに返信
著者: guifipedro
日付:  
To: list_criptica
題目: Re: [Lista Criptica] Just another password manager
I investigated a little bit (JUST LITTLE BIT OF TESTING, DO NOT TRUST.
Hope some day we will research deeply)

I found an alternative to buttercup:

https://github.com/keeweb/keeweb
https://keeweb.info/

this way you can import/export open/save keepass database (for me seems
great)

a question is if buttercup manages concurrent users modifying the file
(keeweb does not do that, but facilitates its integration with a system
that manages that concurrency such as owncloud/nextcloud or webdav)

I cannot spend more time today, but I found a fork of keepassx that
seems great:

https://keepassxc.org/

they have a web interface



I also liked the centralized/corporate approach of vault:
https://www.vaultproject.io/

but at the moment I don't see how this can be applied to little groups
of activists



well, somehow:
https://github.com/hashicorp/vault/issues/817
-> https://github.com/nyxcharon/vault-ui
-> https://github.com/AMeng/vault-web




about pass
https://wiki.archlinux.org/index.php/Pass
https://www.passwordstore.org/

today I tried what I could find about GUIs:

https://qtpass.org/
https://github.com/eirc/pass.js
I liked! -> https://www.npmjs.com/package/pass-web


On 06/09/2017 10:11 AM, kakak wrote:
> M... But the hard-drive encryption only protect your data if the drive
> is encrypted, so, in most of cases, when the OS is down and computer
> unpowered.
>
> If what you mean is to use a secure strong ecrypted volume to store the
> amounts of passwords, that is what do for you keepass, for example.
>
> The advantage for me in this case, is that keepass has the process
> memory protection[1]:
>
> * Process Memory Protection: Your passwords are encrypted while KeePass
> is running, so even when the operating system dumps the KeePass process
> to disk, your passwords aren't revealed.
>
> And this is a definitively advantage. Is keepass a potentially backdoor?
>
> There are another way to store your password data and use some kind if
> "process memory protection": use a simple text editor, with a plugin
> that every-time that stores something, use gpg2 integration to store the
> content using symmetric or asymmetric enc. In this way, also, the data
> are never stored decrypted[2]
>
> [1]http://keepass.info/features.html#lnksec
>
> [2] Using Gedit, with symmetric enc:
>
> edit > preferences > complements > enable external tools
> tools > manage external tools
>
> Create new external tool, where input are the actual selection and
> output replace actual selection. Also configure your preferred shortcut
>
> For enc:
> #!/bin/bash
> stdin=$(cat)
>
> if [ ! "${stdin:0:27}" == "-----BEGIN PGP MESSAGE-----"  ]; then
>     echo "$stdin" | gpg2 --cipher-algo AES256 -c -a  --no-tty
> --use-agent - 2> /dev/null
> else
>     echo "$stdin"
> fi

>
> For dec:
> #!/bin/bash
> stdin=$(cat)
>
> if [ "${stdin:0:27}" == "-----BEGIN PGP MESSAGE-----"  ]; then
>     echo "$stdin" | gpg2 --cipher-algo AES256 -d -a --no-tty --use-agent
> - 2> /dev/null
> else
>     echo "$stdin"
> fi

>
>
> Alex Antener:
>> What is the advantage using a *potentially* insecure passphrase wallet,
>> if a user already uses a harddrive ecryption with a *strong* crypto. -
>> Isn't this just potentially opening backdoors for a box that is
>> perfectly fine *without*?!?
>>
>> :-P Lix