Password vault programs for Linux, Windows, Smartphones

Jerry Feldman gaf-mNDKBlG2WHs at public.gmane.org
Wed Mar 10 14:19:54 EST 2010 

Thanks, since I already replied directly to you I won't belabor the rest 
of you all.
As I mentioned, there are many password storage programs with a large 
number that have good ratings. The three I listed all have Android, 
Windows, and Linux apps. I think you make a very good point about using 
a different random password for everything on the web. As I mentioned, I 
don't exactly understand "Simply copying the password database (with the 
encryption key shortened to accommodate the clunky BlackBerry keypad)".  
Are you talking about a "pass phrase" or an actual encryption key. 
Additionally, I understand that the encryption methods being used are 
AES and TwoFish. As I originally stated, I probably would retain the 
database on the internal microSD that can be shared across platform.

Also, do you use a single master password or a key file.

On 03/10/2010 12:14 PM, Brendan Kidwell wrote:
> (Sorry for the repeat Jerry. Once again I forgot to Reply-To-All the 
> first time I sent it!)
>
> Let me share my experience in the last year or two...
>
> I decided to go all-out and generate a different, random password for 
> EVERYTHING. Trust no holders of your credentials not to leak them.
>
> In the past I've used Password Gorilla, and then I migrated to ... 
> something else whose name I don't remember. I tried putting them in a 
> notebook in an encrypted filesystem < 
> http://www.glump.net/howto/passwords_zim >. These solutions all worked 
> out quite well, except that there was no way to sync to my Blackberry.
>
> I then tried KeePass 2.x (.NET/Mono WinForms app) followed by KeePass 
> 1.x/KeePassX.
>
> The 2.x series of KeePass included a Java mobile app that is ported to 
> many platforms including BlackBerry. I did NOT use the BlackBerry 
> desktop manager app -- it's junk. Simply copying the password database 
> (with the encryption key shortened to accommodate the clunky 
> BlackBerry keypad) to the BlackBerry's storage via USB worked out 
> perfectly well. I do not sync bidirectionally; I push down to 
> BlackBerry once a month or so. (If I wanted to, I could put new 
> entries from the BlackBerry in a "todo" category and manually enter 
> them upstream before pushing.)
>
> In my experience, all desktop versions of KeePass and all BlackBerry 
> ports work fine with the system clipboard. Jerry I'm not sure why you 
> seem to have had a problem with it.
>
> Two problems I had with 2.x:
>
> 1) It's a WinForms app and it doesn't work so well under Mono and X -- 
> especially if you do not use GNOME or KDE environments. I was using 
> the ion3 window manager for a while, and while everything else worked, 
> KeePass 2.x had a tendency to not draw text in certain controls. 
> That's a bit of a downer.
>
> 2) KeePass 2.x for BlackBerry uses more memory and processing time 
> than KeePass 1.x for Blackberry.
>
> I found out that KeePass 1.x -- kinda like Apache 1.x for such a long 
> time -- will be supported for "the foreseeable future". And KeePassX, 
> the X port of KeePass 1.x, works perfectly on any desktop I try it on. 
> The BlackBerry port works fine.
>
> The KeePass 2.x file format has more features than the 1.x file 
> format, but you'll find that pretty much all the CRITICAL features you 
> need are implemented in the old format. I don't really need 
> custom-named fields -- I dump things like "What's your cat's name? 
> [random letters] What was your wife's sister's childhood best friend's 
> name? [random letters]" in the Comment field.
>
> If every account and every "security" question has a different random 
> password, it is absolutely essential that you 1) use a good encryption 
> key, 2) don't forget the key (you won't if you use it every day) and 
> 3) copy the database off-site and keep it up-to-date.
>
> Actually what I do is this:
>
> 1) Primary copy is stored at SDF (public access Unix) and I remotely 
> mount via SFTP (sshfs) whenever I want to view and edit the database.
> 2) I copy the primary file to a read-only cache in 
> ~/etc/keys/cached/brendan.kdb (on every desktop) once in a while, in 
> case I need to access the database while I'm not online.
> 3) I copy the primary file to my BlackBerry once in a while and change 
> the key to something more manageable for the BlackBerry keypad.
>
> Brendan Kidwell
>
>
> On Wed, Mar 10, 2010 at 9:59 AM, Jerry Feldman <gaf-mNDKBlG2WHs at public.gmane.org 
> <mailto:gaf-mNDKBlG2WHs at public.gmane.org>> wrote:
>
>     My requirements are:
>     1. Cross platform Android, Windows, and Linux.
>     2. Be able to syncronize the data bases. Storing the data base on the
>     microSD would work since it is available when plugging in the Android.
>     3. In creating an entry I need to be able to cut and paste (If I
>     recall
>     I was not able to do this with either of the password managers I tried
>     on Blackberry.
>
>


-- 
Jerry Feldman<gaf-mNDKBlG2WHs at public.gmane.org>
Boston Linux and Unix
PGP key id: 537C5846
PGP Key fingerprint: 3D1B 8377 A3C0 A5F2 ECBB  CA3B 4607 4319 537C 5846

More information about the Discuss mailing list