Re: password managers

2004-06-19 Thread Daniele Cortesi
On Tue, 15 Jun 2004 (10:46), Alberto Gonzalez Iniesta wrote:
> autocmd BufReadPre,FileReadPre  *.gpg,*.asc set viminfo=
> autocmd BufReadPre,FileReadPre  *.gpg,*.asc set noswapfile

These auto-commands are very interesting... But there is an error:
BufReadPre is _not_ executed if the file does not exist, so if you are
editing a new file your viminfo settings are the defaults, leaving traces
of your encrypted file in your .viminfo.

I strongly suggest adding the event 'BufNewFile' to the first 2 autocmds,
hoping this can resolve the problem.

Ciao,
Daniele
-- 
JID: [EMAIL PROTECTED] (http://www.jabber.org)  Free your mind
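
A check for the gap described in the message above, as an added example that is not part of the original post: it scans vimrc text for autocmds that clear 'viminfo' or disable the swap file on BufReadPre and reports the file patterns that get no such protection on BufNewFile. The sample lines are constructed from the two quoted autocmds, and the function names are hypothetical.

```python
import re

# Matches "autocmd <events> <patterns> <command>" written on one line.
AUTOCMD = re.compile(r"^\s*au(?:tocmd)?\s+(\S+)\s+(\S+)\s+(.+)$")

# Constructed samples: the quoted autocmds as posted, and the same lines with
# the suggested BufNewFile event added.
ORIGINAL = """\
autocmd BufReadPre,FileReadPre *.gpg,*.asc set viminfo=
autocmd BufReadPre,FileReadPre *.gpg,*.asc set noswapfile
autocmd BufReadPre,FileReadPre *.gpg set bin
"""
SUGGESTED = """\
autocmd BufNewFile,BufReadPre,FileReadPre *.gpg,*.asc set viminfo=
autocmd BufNewFile,BufReadPre,FileReadPre *.gpg,*.asc set noswapfile
autocmd BufReadPre,FileReadPre *.gpg set bin
"""

def protective_settings(command):
    """Return the settings in a :set command that keep plaintext off disk."""
    words = command.split()
    if not words or words[0] not in ("set", "se", "setlocal", "setl"):
        return set()
    names = {"viminfo=": "viminfo=", "vi=": "viminfo=",
             "noswapfile": "noswapfile", "noswf": "noswapfile"}
    return {names[w] for w in words[1:] if w in names}

def audit(vimrc_text):
    """List (setting, pattern) pairs applied on BufReadPre but not BufNewFile."""
    events_for = {}
    for line in vimrc_text.splitlines():
        match = AUTOCMD.match(line)
        if not match:
            continue  # comments, augroup lines, continuation lines
        events, patterns, command = match.groups()
        for setting in protective_settings(command):
            for pattern in patterns.split(","):
                seen = events_for.setdefault((setting, pattern), set())
                seen.update(events.lower().split(","))  # event names ignore case
    return sorted(key for key, seen in events_for.items()
                  if "bufreadpre" in seen and "bufnewfile" not in seen)

if __name__ == "__main__":
    for setting, pattern in audit(ORIGINAL):
        print("not applied to new files:", pattern, setting)
```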


Re: password managers

2004-06-16 Thread Russell Coker
On Tue, 15 Jun 2004 18:46, Alberto Gonzalez Iniesta [EMAIL PROTECTED] wrote:
> Some of the applications I run use kwallet, that seems similar to what
> Russell Coker described for OS X.

No.  kwallet can be ptraced, this allows a hostile program to get access to
all its data with ease.

Of course in OS/X I expect that you could fool the password manager somehow to 
get access.  But at least they stop ptrace.

Also kwallet seems to have no features for restricting access to data.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page



Re: password managers

2004-06-15 Thread Alberto Gonzalez Iniesta
On Tue, Jun 15, 2004 at 12:46:13AM +0200, Stephan Dietl wrote:
> Hello!
>
> andrew lattis [EMAIL PROTECTED] wrote:
> > what does everyone else use to keep track of all their passwords?
>
> Following an article of Martin Joey Schulze in a German magazine I send
> a mail with the password encrypted for myself to me and use it via mutt.
>

I used gringotts, that someone mentioned.

Some of the applications I run use kwallet, that seems similar to what
Russell Coker described for OS X.

But I use vim (+gpg, that is). Which is a solution similar to the one
Stephan talks about, but without having to mail yourself every password.

I took it from somewhere I can't remember so credit goes to whoever wrote it.
What this does is:
- If the file extension is .gpg or .asc, call gpg --decrypt to get the real contents
- Edit the file
- Call gpg --encrypt before writing to disk.

So you keep everything encrypted with your GPG key.

From my .vimrc:

- cut 

augroup encrypted
au!
" First make sure nothing is written to ~/.viminfo while editing
" an encrypted file.
autocmd BufReadPre,FileReadPre      *.gpg,*.asc set viminfo=
" We don't want a swap file, as it writes unencrypted data to disk.
autocmd BufReadPre,FileReadPre      *.gpg,*.asc set noswapfile
" Switch to binary mode to read the encrypted file.
autocmd BufReadPre,FileReadPre      *.gpg       set bin
autocmd BufReadPre,FileReadPre      *.gpg,*.asc let ch_save = &ch|set ch=2
autocmd BufReadPost,FileReadPost    *.gpg,*.asc
\ '[,']!sh -c 'gpg --decrypt 2> /dev/null'
" Switch to normal mode for editing
autocmd BufReadPost,FileReadPost    *.gpg       set nobin
autocmd BufReadPost,FileReadPost    *.gpg,*.asc let &ch = ch_save|unlet ch_save
autocmd BufReadPost,FileReadPost    *.gpg,*.asc
\ execute ":doautocmd BufReadPost " . expand("%:r")
" Convert all text to encrypted text before writing
autocmd BufWritePre,FileWritePre    *.gpg
\ '[,']!sh -c 'gpg --default-recipient-self -e 2>/dev/null'
autocmd BufWritePre,FileWritePre    *.gpg       set bin
autocmd BufWritePre,FileWritePre    *.asc
\ '[,']!sh -c 'gpg --default-recipient-self -e -a 2>/dev/null'
" Undo the encryption so we are back in the normal text, directly
" after the file has been written.
autocmd BufWritePost,FileWritePost  *.gpg,*.asc u
autocmd BufWritePost,FileWritePost  *.gpg       set nobin
augroup END

--- cut 

-- 
Alberto Gonzalez Iniesta   | BOFH excuse #399:
agi@(agi.as|debian.org)| We are a 100% Microsoft Shop.
Encrypted mail preferred   | 

Key fingerprint = 9782 04E7 2B75 405C F5E9  0C81 C514 AF8E 4BA4 01C3



Re: password managers

2004-06-15 Thread Kenneth Jacker
  al> what does everyone else use to keep track of all their passwords?

I've used 'tkpasman' for years ... nice!

http://www.xs4all.nl/~wbsoft/linux/tkpasman.html

-- 
Prof Kenneth H Jacker   [EMAIL PROTECTED]
Computer Science Dept   www.cs.appstate.edu/~khj
Appalachian State Univ
Boone, NC  28608  USA



Re: password managers

2004-06-15 Thread Micah Anderson
Try kedpm, it's a Debian package, and has console as well as GUI
support and uses the FPM data, really nice.

micah

On Tue, 15 Jun 2004, Kenneth Jacker wrote:

>   al> what does everyone else use to keep track of all their passwords?
>
> I've used 'tkpasman' for years ... nice!
>
> http://www.xs4all.nl/~wbsoft/linux/tkpasman.html
>
> --
> Prof Kenneth H Jacker   [EMAIL PROTECTED]
> Computer Science Dept   www.cs.appstate.edu/~khj
> Appalachian State Univ
> Boone, NC  28608  USA
 
 

Re: password managers

2004-06-15 Thread Kenneth Jacker
  micah> Try kedpm, it's a Debian package, and has console as well as
  micah> GUI support and uses the FPM data, really nice.

Thanks for the suggestion!

Though I found a web site for 'kedpm':

  http://kedpm.sourceforge.net/


the following return no Debian packages:

  http://packages.debian.org/kedpm

nor did sourceforge (only tar files):

  https://sourceforge.net/project/showfiles.php?group_id=87161


Where are the Debian packages?  ;-)


Also, a question: one thing I like about 'tkpasman' is the feature
which allows two X11 pastes (e.g., username & password) immediately
after selecting a passworded site.  Very convenient ...

How is the info transferred out of 'kedpm'?

  -Kenneth


Re: password managers

2004-06-14 Thread sjk
We use PMS (http://passwordms.sourceforge.net), but I keep meaning to
re-write parts of the code to make it multi-user friendly.


On Mon, 14 Jun 2004, andrew lattis wrote:

> currently i've got an ever growing password list in a plain text file
> stored on an encrypted loopback fs, this is getting cumbersome...
>
> figaro's password manager (package fpm) looks nice and uses blowfish to
> encrypt data but i can't find anything showing any type of third party
> audit.
>
> what does everyone else use to keep track of all their passwords?
>
> thanks,
> andrew
>
> --
> don't ask questions that lead to answers you don't want to hear




Re: password managers

2004-06-14 Thread Stephan Dietl
Hello!

andrew lattis [EMAIL PROTECTED] wrote:
> what does everyone else use to keep track of all their passwords?

Following an article of Martin Joey Schulze in a German magazine I send
a mail with the password encrypted for myself to me and use it via mutt.


HTH,

Ciao,

Steve
-- 
www.cargal.org
GnuPG-key-ID: 0x051422A0
Be the change you want to see in the world-Mahatma Gandhi
Jabber-ID: [EMAIL PROTECTED]



Re: password managers

2004-06-14 Thread Russell Coker
On Tue, 15 Jun 2004 04:56, andrew lattis [EMAIL PROTECTED] wrote:
> currently i've got an ever growing password list in a plain text file
> stored on an encrypted loopback fs, this is getting cumbersome...
>
> figaro's password manager (package fpm) looks nice and uses blowfish to
> encrypt data but i can't find anything showing any type of third party
> audit.
>
> what does everyone else use to keep track of all their passwords?

OS/X from Apple has a password manager program, it allows passwords to be made 
available to applications for certain time periods (not sure how this is 
supposed to work as the application could just write it to disk).

I think that an ideal password management scheme would be mediated by a SGID 
application (SGID so that it can access storage unavailable to regular user 
processes and so that it can't be ptraced).

Password storage would be either in a file owned by the user that is mode 0600 
under a mode 1770 system directory with group ownership being the group that 
the management program is SGID to, or a regular file in the home directory 
that is encrypted (requiring a password authentication for the first login of 
the day or something similar).

The password management system would need to have helpers for managing 
passwords that would be called by the application.  For example there would 
be POP and IMAP helpers which would establish a connection to the mail 
server, authenticate, and then use a unix domain socket to pass the file 
handle for the TCP socket back to the calling application (so the MUA would 
never be able to recover the password).

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page
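
The helper design sketched in the message above, as an added example that is not part of the original post: a helper logs in to a mail server and passes the connected TCP socket to the mail client over a unix domain socket using SCM_RIGHTS. The toy server, the password and all function names are constructed, and the three parties run as threads of one process here, whereas the proposal assumes the helper is a separate privileged process.

```python
import array, socket, threading

PASSWORD = b"constructed-secret"  # constructed; only helper and server know it

def read_line(sock):
    """Read one line a byte at a time, so nothing is buffered past it."""
    data = b""
    while not data.endswith(b"\n") and (chunk := sock.recv(1)):
        data += chunk
    return data.strip()

def toy_pop_server(listener):
    """Constructed stand-in for a POP server: USER, PASS, then STAT."""
    conn, _ = listener.accept()
    with conn:
        conn.sendall(b"+OK ready\r\n")
        read_line(conn)  # USER line
        conn.sendall(b"+OK\r\n")
        ok = read_line(conn) == b"PASS " + PASSWORD
        conn.sendall(b"+OK logged in\r\n" if ok else b"-ERR\r\n")
        if ok and read_line(conn) == b"STAT":
            conn.sendall(b"+OK 2 320\r\n")

def helper(unix_sock, server_addr):
    """Holds the password: logs in, then passes only the connected socket."""
    with socket.create_connection(server_addr) as tcp:
        read_line(tcp)  # greeting
        tcp.sendall(b"USER demo\r\n")
        read_line(tcp)
        tcp.sendall(b"PASS " + PASSWORD + b"\r\n")
        status = read_line(tcp)
        anc = []
        if status.startswith(b"+OK"):  # hand over the descriptor only after login
            fds = array.array("i", [tcp.fileno()])
            anc = [(socket.SOL_SOCKET, socket.SCM_RIGHTS, fds)]
        unix_sock.sendmsg([status], anc)

def mua(unix_sock):
    """Mail client: receives an authenticated connection, not the password."""
    fds = array.array("i")
    msg, ancdata, _, _ = unix_sock.recvmsg(64, socket.CMSG_LEN(fds.itemsize))
    for level, ctype, data in ancdata:
        if level == socket.SOL_SOCKET and ctype == socket.SCM_RIGHTS:
            fds.frombytes(data[: len(data) - len(data) % fds.itemsize])
    if not fds:
        raise RuntimeError("no connection passed: %r" % msg)
    with socket.socket(fileno=fds[0]) as tcp:
        tcp.sendall(b"STAT\r\n")
        return read_line(tcp)

def run_demo():
    with socket.create_server(("127.0.0.1", 0)) as listener:
        threading.Thread(target=toy_pop_server, args=(listener,), daemon=True).start()
        helper_end, mua_end = socket.socketpair()
        with helper_end, mua_end:
            t = threading.Thread(target=helper, args=(helper_end, listener.getsockname()))
            t.start()
            reply = mua(mua_end)
            t.join()
    return reply
```

The helper closing its own copy of the socket after `sendmsg` does not close the connection, because the receiver holds a separate descriptor for the same open socket.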


Re: password managers

2004-06-14 Thread Dale Amon
On Mon, Jun 14, 2004 at 02:56:15PM -0400, andrew lattis wrote:
> what does everyone else use to keep track of all their passwords?

Try gringotts.

-- 
--
   Dale Amon [EMAIL PROTECTED]    +44-7802-188325
   International linux systems consultancy
 Hardware & software system design, security
and networking, systems programming and Admin
  Have Laptop, Will Travel
--


