How I do Password Management

I thought I would share a trick that has eased my cross-platform and cross-network password management tasks.

I run a LAN Subversion server, which keeps track of the revisions of my password vault. For storing, organizing and encrypting passwords, I use Password Gorilla, which is a great cross-platform (Linux, Windows, Mac) application that uses Twofish encryption to secure everything. One master password unlocks all the rest. The password generator included in PG is great, and allows for customizations like not using similar characters (O and 0), as well as desired password length, etc. You can also override password defaults on a case-by-case basis.

The glue that ties this all together and makes it a networked application is a bash script on Linux (I have not bothered to automate this on other platforms since I am in Linux 98% of the time). For this to work, I have set up ssh keys (not necessary, but it is a pain to type a password each time), Gentoo's cool keychain program, and ssh-askpass-fullscreen (it is called different things on different distros, e.g. ssh-askpass-gtk on Gentoo, I believe).

Bash script (be sure to set Password Gorilla to commit changes immediately, i.e. save upon change):


#!/bin/bash

# make sure ssh keys are open using keychain - this code is in .bash_profile as well for remote opening of passes
keychain ~/.ssh/id_dsa
. ~/.keychain/"$HOSTNAME"-sh

# move to where passes are in svn repo; stop if the checkout is missing
# so the svn commands below never run in the wrong directory
cd ~/svnCheckOut/stuff || exit 1

# get latest version of pass DBs
svn update

# run password gorilla (the script waits here until it is closed)
/usr/local/bin/gorilla

# automate svn commit to add any changes. If no changes, nothing is done
svn commit -m 'pass changed'

exit

Using this method, you always have the latest passwords on every system. One caveat is that you are going to be opening your vault regularly since changes are only synced in when the gorilla is closed. This is the best way to do it anyways IMO since you want a revision created upon changing something.
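
The script above commits whatever is in the working copy, which goes wrong when two machines changed the vault between syncs: the encrypted file cannot be merged, so `svn update` can leave it conflicted. The following is an added example, not the author's script, that checks `svn status` before opening the vault and before committing; the function names `vault_state` and `sync_vault`, the `VAULT_DIR` variable and the `--run` argument are assumptions made for this example.

```shell
#!/bin/bash
# Added example, not the author's script. VAULT_DIR defaults to the checkout
# path used in the post; override it for your own working copy.
VAULT_DIR="${VAULT_DIR:-$HOME/svnCheckOut/stuff}"

# Read `svn status` output on stdin and print conflict, modified or clean.
# Column 1 is the item status: C = conflicted, M/A/D/R = local change.
# Unversioned (?) files, such as conflict leftovers, are ignored.
vault_state() {
    state=clean
    while IFS= read -r line; do
        case "$line" in
            C*) state=conflict; break ;;
            [MADR]*) state=modified ;;
        esac
    done
    printf '%s\n' "$state"
}

sync_vault() {
    cd "$VAULT_DIR" || return 1
    svn update || return 1
    # An encrypted vault cannot be merged: refuse to open a conflicted copy,
    # otherwise new edits land on top of an unresolved file.
    if [ "$(svn status | vault_state)" = conflict ]; then
        echo "vault is conflicted; resolve it before editing" >&2
        return 2
    fi
    /usr/local/bin/gorilla
    # Commit only when the working copy really changed.
    if [ "$(svn status | vault_state)" = modified ]; then
        svn commit -m 'pass changed'
    fi
}

# Nothing runs unless asked to, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then
    sync_vault
fi
```

A non-zero return from `sync_vault` means the vault was not opened; status 2 specifically means the working copy needs a manual `svn resolve` or revert first.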

Password Gorilla can be put onto a USB key (svn export the repo to USB), with portable versions for both Linux and Windows (and Mac?).

I could not reveal the vast majority of my passwords even if I wanted to, since I never even see passwords anymore. They are generated and hidden by star masks, then immediately saved, and only ever copied to the clipboard for desired password input. I regularly use 20+ character, random, incredibly hard-to-break passwords for simple websites.

Comments

Very interesting points. Glad I found this post, will have to bookmark this to refer back to later.

Password Management

Thanks! That's actually pretty clever.

Todd Beardsley
Todd@MenloAthertonRealty.com
