A lot of these tools on the front page today. I think a lot of them only contain 40-60% of what is required to be useful. Any password safe needs to:
- somehow work on my phone, not just because I sign into things when I'm away from my desk but also because I'm not going to manually copy all the passwords into my phone
- generate secure passwords for me when I need to enter one
- record passwords I use to help me migrate if I'm not using a safe already
- import passwords from other password safes
- support filling the passwords into the page, so that I don't have to open a terminal, decrypt, copy, paste and possibly re-encrypt
- support two factor authentication systems
This isn't a complete list, it's a minimum. It's also nice to support multiple forms of two factor auth, in case my phone gets stolen and it's nice to have a form filler too.
It's ok to be a "unix-style tool" that does one thing and one thing only, but you need to have other tools for doing every other feature that is required.
What's the point of having a second factor auth if both are stored on the same device ? If the phone is compromised electronically or physically then everything is lost.
ccrypt uses a single iteration of a hash function to derive the encryption key from your passphrase, which provides very weak protection against exhaustive searches for your passphrase.
For encrypting a single file with a passphrase, I just use GPG: `gpg -c` to encrypt, and `gpg -d` to decrypt.
6 comments
[ 2.9 ms ] story [ 22.8 ms ] thread- somehow work on my phone, not just because I sign into things when I'm away from my desk but also because I'm not going to manually copy all the passwords into my phone
- generate secure passwords for me when I need to enter one
- record passwords I use to help me migrate if I'm not using a safe already
- import passwords from other password safes
- support filling the passwords into the page, so that I don't have to open a terminal, decrypt, copy, paste and possibly re-encrypt
- support two factor authentication systems
This isn't a complete list, it's a minimum. It's also nice to support multiple forms of two factor auth, in case my phone gets stolen and it's nice to have a form filler too.
It's ok to be a "unix-style tool" that does one thing and one thing only, but you need to have other tools for doing every other feature that is required.
[1]: http://www.zx2c4.com/projects/password-store/
For encrypting a single file with a passphrase, I just use GPG: `gpg -c` to encrypt, and `gpg -d` to decrypt.