[Discuss] Password managers
Daniel Barrett
dbarrett at blazemonger.com
Sat May 9 12:23:46 EDT 2020
Oops, I missed a couple of your questions, Steve!
On May 8, 2020, Steve Litt wrote:
>I'm going to arrange for a piece of punctuation to be inserted when
>creating the password. Most accounts require a punctuation in the
>password, but they all differ as to *which* punctuation they allow.
FWIW, the pwgen command I suggested does generate punctuation in the
passwords. Sample generated password:

    E9;d,#A&72f5Kt&`GiE$pC

The pwgen -r and -y options may help you restrict the set of
characters used.
>I assume that you have a big, hairy password on this password file so
>somebody who takes possession of the password file can't brute force
>it.
The password file is protected by gpg's public key encryption, so the
attacker would need the private key and the passphrase. And yes, the
passphrase is extra hairy. :-)
>Is it inconvenient that every time you need a password, you need to
>type in your big, hairy master password? Or do you have a way of only
>typing it once?
That's determined by how you configure gpg-agent. My
~/.gnupg/gpg-agent.conf file forces the gpg passphrase to expire in 1
second:

    # gpg-agent.conf:
    #
    # Don't cache passphrases
    default-cache-ttl 1
    max-cache-ttl 1

    # Prompt for passphrase in the CLI, not graphically.
    # I compiled pinentry-tty myself due to bugs in the Ubuntu 18.04 version
    # found in /usr/bin/pinentry-tty.
    pinentry-program /usr/local/pinentry/bin/pinentry-tty

    # Emacs integration
    allow-emacs-pinentry
    allow-loopback-pinentry

You can permit passphrase caching for whatever time period you prefer.
Dan
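
Added example, not part of the original message: a small shell check that reads a gpg-agent.conf and reports the passphrase-cache policy it yields, covering both the no-caching settings above and longer cache periods. The function names and the relaxed/capped sample files are constructed for illustration; the fallback values of 600 and 7200 seconds are gpg-agent's documented defaults.

```shell
#!/bin/sh
# Added example (not from the original post): report the passphrase-cache
# policy a gpg-agent.conf produces. Function names are hypothetical.
# Defaults when an option is absent, per the gpg-agent manual:
# default-cache-ttl 600 s, max-cache-ttl 7200 s.

# conf_value FILE OPTION DEFAULT: print the value set for OPTION, else DEFAULT.
conf_value() {
    awk -v opt="$2" -v val="$3" '
        /^[ \t]*#/ { next }                       # skip comment lines
        $1 == opt && $2 ~ /^[0-9]+$/ { val = $2 } # assumption: last setting wins
        END { print val }
    ' "$1"
}

# cache_policy FILE: print "idle=<n>s cap=<n>s".
# idle = default-cache-ttl (timer restarts on each use of the cached entry)
# cap  = max-cache-ttl (entry expires after this long even if used recently)
cache_policy() {
    idle=$(conf_value "$1" default-cache-ttl 600)
    cap=$(conf_value "$1" max-cache-ttl 7200)
    # An entry never outlives the cap, so the cap also bounds the idle timer.
    if [ "$idle" -gt "$cap" ]; then idle=$cap; fi
    echo "idle=${idle}s cap=${cap}s"
}

# Constructed sample files; only strict.conf uses values from the post.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/strict.conf" <<'EOF'
# Don't cache passphrases
default-cache-ttl 1
max-cache-ttl 1
EOF
cat > "$tmp/relaxed.conf" <<'EOF'
# 15-minute idle timer, built-in cap
default-cache-ttl 900
EOF
cat > "$tmp/capped.conf" <<'EOF'
default-cache-ttl 86400
max-cache-ttl 3600
EOF

for name in strict relaxed capped; do
    printf '%-8s %s\n' "$name" "$(cache_policy "$tmp/$name.conf")"
done
```

A running agent picks up edits to the file after `gpgconf --reload gpg-agent`.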