Re: [linux] password keepers

2024-03-22 Thread Dianne Skoll via linux
On Thu, 21 Mar 2024 21:25:59 -0400
Alex Pilon , linux@linux-ottawa.org wrote:

> I meant your changes.

I didn't make them public.  They're trivial; merely changing the
ssl(cmd), ssl(enc) and ssl(salt) settings.

Regards,

Dianne.

To unsubscribe send a blank message to linux+unsubscr...@linux-ottawa.org
To get help send a blank message to linux+h...@linux-ottawa.org
To visit the archives: https://lists.linux-ottawa.org



Re: [linux] password keepers

2024-03-21 Thread Dianne Skoll via linux
On Thu, 21 Mar 2024 17:31:39 -0400
Alex Pilon wrote:

> I get NXDOMAIN from that in Chrome, because the last in the chain of
> CNAMEs SERVFAILs periodically, on my local resolver or against
> 8.8.8.8. Is it just my site or my part of the Internet?

Works fine for me.  Also doing "host wbsoft.home.xs4all.nl 8.8.8.8"
works fine for me too.

> It's not _that_ big of a deal, but it might be worth switching to
> scrypt or argon2id, and AES-256. Where's the code?

On the site that apparently doesn't resolve for you.

https://wbsoft.home.xs4all.nl/linux/projects/TkPasMan-2.2b.tar.gz

You can easily edit the script to call any symmetric encryption
algorithm that openssl supports.

Regards,

Dianne.
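
What "call any symmetric encryption algorithm that openssl supports" can look like from a wrapper script, as an added example that is not from this post or from TkPasman: AES-256-CBC with a PBKDF2-stretched passphrase. PBKDF2 stands in for the scrypt/argon2id suggestion because it is the key-stretching option `openssl enc` offers; the function names, the iteration count and the sample data are assumptions.

```shell
#!/bin/sh
# Added example (not TkPasman code). Assumes OpenSSL 1.1.1 or newer for
# -pbkdf2/-iter. Function names and the iteration count are hypothetical.

VAULT_ITER=600000   # PBKDF2-HMAC-SHA256 rounds; assumed value, tune to taste

# vault_encrypt PLAINTEXT_FILE VAULT_FILE PASSPHRASE
# The passphrase goes to openssl through the environment, not argv,
# so it does not show up in `ps` output.
vault_encrypt() {
    (
        umask 077   # vault file readable by owner only
        VAULT_PASS="$3" openssl enc -aes-256-cbc -salt \
            -pbkdf2 -iter "$VAULT_ITER" -md sha256 \
            -pass env:VAULT_PASS -in "$1" -out "$2"
    )
}

# vault_decrypt VAULT_FILE PASSPHRASE   (plaintext goes to stdout only)
vault_decrypt() {
    VAULT_PASS="$2" openssl enc -d -aes-256-cbc \
        -pbkdf2 -iter "$VAULT_ITER" -md sha256 \
        -pass env:VAULT_PASS -in "$1" 2>/dev/null
}

# vault_is_salted VAULT_FILE: true if the file starts with openssl's
# "Salted__" header, i.e. a random salt was stored with the ciphertext.
vault_is_salted() {
    [ "$(head -c 8 "$1")" = "Salted__" ]
}

# Round trip on constructed sample data; returns 0 on success.
vault_demo() {
    dir=$(mktemp -d) || return 1
    printf 'example.org\talice\tconstructed-sample-pw\n' > "$dir/plain"
    vault_encrypt "$dir/plain" "$dir/vault" 'constructed passphrase' &&
        vault_is_salted "$dir/vault" &&
        [ "$(vault_decrypt "$dir/vault" 'constructed passphrase')" = \
          "$(cat "$dir/plain")" ]
    rc=$?
    rm -rf "$dir"
    return $rc
}

vault_demo && echo "round trip OK"
```

`openssl enc` does not support authenticated modes, so the vault file carries no integrity protection; a wrong passphrase is usually, but not always, rejected by the padding check.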




Re: [linux] password keepers

2024-03-21 Thread Alex Pilon via linux
On Thu, Mar 21, 2024 at 03:18:40PM -0400, Dianne Skoll via linux wrote:
> Because I use a password keeper strictly for my own use and not any kind
> of sharing across a company, I use a modified version of TkPasman.
> 
> https://wbsoft.home.xs4all.nl/linux/tkpasman.html

I get NXDOMAIN from that in Chrome, because the last in the chain of
CNAMEs SERVFAILs periodically, on my local resolver or against 8.8.8.8.
Is it just my site or my part of the Internet?

> It's unfortunately no longer maintained, but I hacked it slightly to
> improve the encryption algorithm that it uses.  It stores passwords
> in a local file encrypted with openssl's aes-128 encryption algorithm.

It's not _that_ big of a deal, but it might be worth switching to
scrypt or argon2id, and AES-256. Where's the code?

 * * *

Also, though not as important, I'm not the only one who sees a broken
thread, right?

The original:

Message-Id: <20240321141910.1f82f60...@mail.linux-ottawa.org>

The reply:

Message-Id: <20240321191856.afba060...@mail.linux-ottawa.org>
In-Reply-To: <20240321174035.e5b7260...@mail.linux-ottawa.org>
References: <20240321141904.0923d60...@mail.linux-ottawa.org>
<20240321172910.e981360...@mail.linux-ottawa.org>
<20240321174035.e5b7260...@mail.linux-ottawa.org>




Re: [linux] password keepers

2024-03-21 Thread Dianne Skoll via linux
Hi,

Because I use a password keeper strictly for my own use and not any kind
of sharing across a company, I use a modified version of TkPasman.

https://wbsoft.home.xs4all.nl/linux/tkpasman.html

It's unfortunately no longer maintained, but I hacked it slightly to
improve the encryption algorithm that it uses.  It stores passwords
in a local file encrypted with openssl's aes-128 encryption algorithm.
I back up this encrypted file to several locations including one
off-site location.

Again... not for everyone, but if you're looking for something
self-hosted, open-source and dead simple to deploy, might be worth a
look.

Regards,

Dianne.




Re: [linux] password keepers

2024-03-21 Thread Alan McKay via linux
A couple of years ago at work we went through an analysis of password
managers to use at work, and we ended up with Bitwarden as it was the
only one that met all of our requirements.   Our process for selecting
a product like this is pretty extensive.  I can't really say much more
than that other than that we've been running it in production for
about 18 months now and have been extremely happy with it.   We chose
the on-prem option.  It is pretty easy to manage, pretty easy to do
regular updates.  Pretty easy to have groups of people who share
passwords.




Re: [linux] password keepers

2024-03-21 Thread Jean-Francois Messier via linux
I have been using Bitwarden for several years now. My main move to
Bitwarden was the fact it is all open source, available to be
installed locally on my own servers if I want, and that it was much cheaper
than any other solution. I can give some demos, but to give demos of some
advanced features, I would need to either have a separate paid account or
use my own, but the fact that it contains passwords and keys limits what I
could display. I wanted to have my own install of Bitwarden, but never had
much time for this. However, I would be willing to have an install on one
of my VPS servers in Beauharnois. If there is an interest, I may try to
find time to get something up and running.

FYI: I used Lastpass previously, but they became very expensive, and
numerous incidents were reported about Lastpass, although no passwords were
reportedly leaked. As a comparison, Bitwarden costs $10 a year, and their
price did not change for multiple years so far.

JFM

On Thu, Mar 21, 2024 at 10:20 AM Nash JC - NCF via linux <
linux@linux-ottawa.org> wrote:

> For the past few months I've been looking into secure cloud storage,
> partly for use with my writings (about 80GB) and partly for use for my
> own scripted "password" manager. My password setup handles a lot of
> extra stuff like serial numbers, document references and things that
> aren't passwords but just small text blocks. Some of you have probably
> seen some queries I've put around about cloud storage. Quite a bit of
> annoying detail there, and that has been written up in draft form.
>
> A particular need is to export the data to a text file that is regularly
> put on a USB in a secure storage for institutional executors, with the
> decryption keys kept separately.
>
> Bitwarden looks like a possibility, if anyone has experience with it.
> I'd also be interested in other perspectives.
>
> I've been writing up my investigations, and will be happy to give a talk
> on my findings, as I can't believe issues like these are peculiar to me.
> So comments and suggestions are welcome, if possible with context, as I've
> been finding small details seem to get in the way of convenient usage.
>
> Best,
>
> John Nash

-- 
Geek, it's my nature
Linux, it's my choice!


[linux] password keepers

2024-03-21 Thread Nash JC - NCF via linux

For the past few months I've been looking into secure cloud storage,
partly for use with my writings (about 80GB) and partly for use for my
own scripted "password" manager. My password setup handles a lot of
extra stuff like serial numbers, document references and things that
aren't passwords but just small text blocks. Some of you have probably
seen some queries I've put around about cloud storage. Quite a bit of
annoying detail there, and that has been written up in draft form.

A particular need is to export the data to a text file that is regularly
put on a USB in a secure storage for institutional executors, with the
decryption keys kept separately.

Bitwarden looks like a possibility, if anyone has experience with it.
I'd also be interested in other perspectives.

I've been writing up my investigations, and will be happy to give a talk
on my findings, as I can't believe issues like these are peculiar to me.
So comments and suggestions are welcome, if possible with context, as I've
been finding small details seem to get in the way of convenient usage.

Best,

John Nash
