How I do Password Management

I thought I would share a trick that has eased my cross-platform and cross-network password management tasks.

I run a LAN subversion server, which keeps track of the revisions of my password vault. For storing, organizing and encrypting passwords, I use Password Gorilla which is a great cross-platform (linux, windows, mac) application using twofish encryption to secure everything. One master password unlocks all the rest. The password generator included in PG is great, and allows for customizations like not using similar digits (O and 0), as well as desired password length, etc. You can also override password defaults on a case-by-case basis.

The glue that ties this all together and makes it a networked application is a bash script on linux (I have not bothered to automate this on other platforms since I am in linux 98% of the time). For this to work, I have set up ssh keys (not necessary, but a pain to type a password each time), gentoo's cool keychain program, and ssh-askpass-fulscreen (is called different things on different distros ie: ssh-askpass-gtk on gentoo i believe).

Drupal Security Update

Drupal 4.7.4 has been released. It fixes these security advisories:

Disk Wiper

Darik's Boot and Nuke Darik's Boot and Nuke ("DBAN") is a self-contained boot floppy that securely wipes the hard disks of most computers. DBAN will automatically and completely delete the contents of any hard disk that it can detect, which makes it an appropriate utility for bulk or emergency data destruction.

Ubuntu - Don't Use .bash_profile

Well, this annoyed me a little. I am used to putting my keychain (ssh-agent) startup in ~/.bash_profile, so it will be sourced at login either at desktop or remotely. Unfortunately, Ubuntu has taken away this functionality, and replaced it with.... well, we have no idea, since it is not written in the file itself, or anywhere except by google finding.
