Re: [Lista Criptica] Just another password manager

Delete this message

Reply to this message
Autor: fadelkon
Data:  
A: Criptica - Llista de debat, guifipedro, list_criptica
Assumpte: Re: [Lista Criptica] Just another password manager
Però per què una interfície web? A mi em sembla contraproduent. Quin problema li veieu a keepassx?

On 12 de juny de 2017 16:50:53 CEST, guifipedro <guifipedro@???> wrote:
>I investigated a little bit (JUST LITTLE BIT OF TESTING, DO NOT TRUST.
>Hope some day we will research deeply)
>
>I found an alternative to buttercup:
>
>https://github.com/keeweb/keeweb
>https://keeweb.info/
>
>this way you can import/export open/save keepass database (for me seems
>great)
>
>a question is if buttercup manages concurrent users modifying the file
>(keeweb does not do that, but facilitates its integration with a system
>that manages that concurrency such as owncloud/nextcloud or webdav)
>
>I cannot spend more time today, but I found a fork of keepassx that
>seems great:
>
>https://keepassxc.org/
>
>they have a web interface
>
>
>
>I also liked the centralized/corporate approach of vault:
>https://www.vaultproject.io/
>
>but at the moment I don't see how this can be applied to little groups
>of activists
>
>
>
>well, somehow:
>https://github.com/hashicorp/vault/issues/817
>-> https://github.com/nyxcharon/vault-ui
>-> https://github.com/AMeng/vault-web
>
>
>
>
>about pass
>https://wiki.archlinux.org/index.php/Pass
>https://www.passwordstore.org/
>
>today I tried what I could find about GUIs:
>
>https://qtpass.org/
>https://github.com/eirc/pass.js
>I liked! -> https://www.npmjs.com/package/pass-web
>
>
>On 06/09/2017 10:11 AM, kakak wrote:
>> M... But the hard-drive encryption only protect your data if the
>drive
>> is encrypted, so, in most of cases, when the OS is down and computer
>> unpowered.
>>
>> If what you mean is to use a secure strong ecrypted volume to store
>the
>> amounts of passwords, that is what do for you keepass, for example.
>>
>> The advantage for me in this case, is that keepass has the process
>> memory protection[1]:
>>
>> * Process Memory Protection: Your passwords are encrypted while
>KeePass
>> is running, so even when the operating system dumps the KeePass
>process
>> to disk, your passwords aren't revealed.
>>
>> And this is a definitively advantage. Is keepass a potentially
>backdoor?
>>
>> There are another way to store your password data and use some kind
>if
>> "process memory protection": use a simple text editor, with a plugin
>> that every-time that stores something, use gpg2 integration to store
>the
>> content using symmetric or asymmetric enc. In this way, also, the
>data
>> are never stored decrypted[2]
>>
>> [1]http://keepass.info/features.html#lnksec
>>
>> [2] Using Gedit, with symmetric enc:
>>
>> edit > preferences > complements > enable external tools
>> tools > manage external tools
>>
>> Create new external tool, where input are the actual selection and
>> output replace actual selection. Also configure your preferred
>shortcut
>>
>> For enc:
>> #!/bin/bash
>> stdin=$(cat)
>>
>> if [ ! "${stdin:0:27}" == "-----BEGIN PGP MESSAGE-----"  ]; then
>>     echo "$stdin" | gpg2 --cipher-algo AES256 -c -a  --no-tty
>> --use-agent - 2> /dev/null
>> else
>>     echo "$stdin"
>> fi

>>
>> For dec:
>> #!/bin/bash
>> stdin=$(cat)
>>
>> if [ "${stdin:0:27}" == "-----BEGIN PGP MESSAGE-----"  ]; then
>>     echo "$stdin" | gpg2 --cipher-algo AES256 -d -a --no-tty
>--use-agent
>> - 2> /dev/null
>> else
>>     echo "$stdin"
>> fi

>>
>>
>> Alex Antener:
>>> What is the advantage using a *potentially* insecure passphrase
>wallet,
>>> if a user already uses a harddrive ecryption with a *strong* crypto.
>-
>>> Isn't this just potentially opening backdoors for a box that is
>>> perfectly fine *without*?!?
>>>
>>> :-P Lix
>
>_______________________________________________
>list_criptica mailing list
>list_criptica@???
>Lista de correo de debate de Criptica


--
Sent from my Android device with K-9 Mail. Please excuse my brevity.