Write Down Your Passwords - The Right Way

Hm. Bruce Schneier and Microsoft's Jesper Johansson tell us to write down our passwords.

That may sound like a stupid idea, and for many years lots of security-minded people tried to educate users not to do that. But I think they have a point. Someone who uses the Internet regularly accumulates a whole bunch of accounts and passwords for all sorts of sites, servers etc. It's simply too hard to remember all of them. Thus far I agree.

But, I don't think writing down passwords on small pieces of paper and carrying those around in your wallet is a particularly good idea. It happens too easily that you lose your wallet, it gets stolen, or you lose the pieces of paper. Not to mention all kinds of social engineering activities, which are simplified a lot by this approach...

I do propose to write your passwords down. But do it in a computer file on a box where you're the only one with an account (your home PC or laptop). Encrypt that file with GnuPG and you're reasonably safe. Every time you need a password, decrypt the file, read and use the password, then wipe the decrypted plain-text file.

No more pieces of paper - help save the environment.

Comments

I agree. I use the gpg

I agree. I use the gpg symmetric encryption with emacs crypt++. Since I'm always running XEmacs anyway, this is very convenient. Unfortunately, crypt++ has been broken in XEmacs for a while, but it does work in GNU Emacs.

Any computer with gpg installed will give me access to my passwords.
For a quick lookup, I have written a little script that prompts for my password and greps for the specified string. No need to write a decrypted file that then needs to be wiped.
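
The workflow from the post (encrypt the list with GnuPG) combined with the lookup idea from the comment above (decrypt into a pipe and grep, so no plaintext file has to be wiped), as an added example that is not part of the original post or its comments. PWFILE, pw_encrypt and pw_lookup are hypothetical names, and the sketch assumes GnuPG and GNU shred are installed.

```sh
#!/bin/sh
# Added example (not from the post or its comments). PWFILE, pw_encrypt and
# pw_lookup are hypothetical names; assumes GnuPG and GNU shred are installed.
PWFILE="${PWFILE:-$HOME/passwords.txt.gpg}"

# One-time setup: encrypt an existing plaintext list, then remove the plaintext.
# The function body is a subshell, so umask and variables do not leak out.
pw_encrypt() (
    plain=$1
    [ -f "$plain" ] || { echo "no such file: $plain" >&2; exit 1; }
    umask 077                       # ciphertext readable by the owner only
    gpg --symmetric --cipher-algo AES256 --output "$PWFILE" -- "$plain" || exit 3
    # shred cannot guarantee erasure on journaling or copy-on-write file
    # systems or on SSDs, which is why pw_lookup never writes plaintext to disk.
    shred -u -- "$plain"
)

# Print the lines matching PATTERN (case-insensitive).
# Exit status: 0 match, 1 no match, 2 usage error, 3 decryption failed.
pw_lookup() (
    pattern=$1
    [ -n "$pattern" ] || { echo "usage: pw_lookup PATTERN" >&2; exit 2; }
    [ -f "$PWFILE" ] || { echo "no such file: $PWFILE" >&2; exit 2; }
    # gpg asks for the passphrase itself (pinentry or terminal); the plaintext
    # lives only in this subshell's memory and in the pipe to grep.
    plain=$(gpg --quiet --decrypt -- "$PWFILE") || exit 3
    printf '%s\n' "$plain" | grep -i -e "$pattern"
)
```

Source the file and call pw_lookup with a site name; the separate exit status for a failed decryption distinguishes a mistyped passphrase from an entry that is simply not in the list.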

Keeping passwords

GPG is too clumsy. The vim :X feature is better.

Not very safe

I didn't know :X and it seems to be quite nice.

But unfortunately, it's too weak for the amount and types of passwords I want to store. From :help :X:

The algorithm used is breakable. A 4 character key in about one hour, a 6 character key in one day (on a Pentium 133 PC). This requires that you know some text that must appear in the file. An expert can break it for any key. When the text has been decrypted, this also means that the key can be revealed, and other files encrypted with the same key can be decrypted.

That makes it pretty much useless.

I could imagine that one can create macros/aliases in vim to allow you to call GnuPG from within vim. Has anyone already done this?

Uwe.

GnuPG / Blowfish

I'm not 100% certain of the use of asymmetric cryptography (like in GnuPG) to simply password-protect a file. Anyway, here's a mini-script I wrote for doing just that, which uses the blowfish algorithm (from openssl) :

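#!/bin/bash
# Password-protect a file with Blowfish-CBC via openssl; the result goes to stdout.
command=$1
file=$2

function usage() {
    echo "Usage: $(basename "$0") (enc|dec) [file]" 1>&2
    exit 1
}

# Both the command and the file are required.
if [ $# -lt 2 ]; then
    usage
fi

if [ ! -f "$file" ]; then
    echo "File \"$file\" not found !" 1>&2
    exit 1
fi

case "$command" in
    enc)
        # Encrypt with a salted, passphrase-derived key; base64-encode the output.
        openssl bf-cbc -e -a -salt -in "$file"
        ;;
    dec)
        # Decode the base64 input and decrypt it.
        openssl bf-cbc -d -a -in "$file"
        ;;
    *)
        usage
        ;;
esac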

Nice script.

A very nice script, indeed. Works like a charm. I wonder why you feel uneasy to use GnuPG for simple files, though. Any specific reason?

Uwe.

Thanks

Thanks Uwe.

I'm not uneasy to use GnuPG for simple files, I'm uneasy to use GnuPG to encrypt to yourself.

2 reasons:
- the best one: if the encrypted file is on the same hard drive as your GnuPG secret key, there are good chances that if an attacker has access to the first one, he has access to the second one. Then, only the password protecting your secret key can save you, and this is little.
- the bad one: I'm not a crypto expert, but GnuPG is made to be used to encrypt something with the public key of the receiver. If both sender and receiver are the same person, thus with the same key pair, I suppose there is somewhat a loss of secrecy. But that could be completely stupid.

GnuPG

Hi,

I agree with reason 1, although a sufficiently long passphrase should provide good protection. As for reason 2, I don't think it makes a difference for whom you encrypt the file, but I'm no crypto expert either...

Uwe.

Keychain and Keychain Password Managers

I actually have the earlier version of the Mandylion Password Manager, which was around US$80. It generates and stores good passwords. Alas, the new version is a lot more pricey, and thus much harder to justify. (The whole Windows-only software thing sucks, too.)

I also find myself trusting Apple's Keychain, which is part of Mac OS X. It's just like the password management in Mozilla, but it's system-wide, so any browser can get passwords, and it can also talk to other applications that use password information, such as the wireless (Airport) software, and the very cool SSHKeychain app that handles SSH agent keys and tunnels.

Not knowing or using Mac OS

Not knowing or using Mac OS X myself, the "it can also talk to other applications that use password information"-part makes me feel a bit uneasy.
A lot of care must be taken to not mess up things when programming such systems. It's not easy to get that right I presume, and the smallest bug could lead to a security breach.

Other than that, I agree: the Mandylion Password Manager looks pretty cool, but sucks (too expensive, Windows-only).

Uwe.

pwsafe

Revelation

For the GUI people I recommend using Revelation http://oss.codepoet.no/revelation/.

gringotts looks pretty cool

gringotts looks pretty cool (several security-related aspects were mentioned...)
http://gringotts.berlios.de/

(try to avoid harry potter if you want to know more :))

If you prefer...

Yes, sure, I know there are several such "password safes" out there. I myself am completely happy with plain text files and GnuPG. Users who like a bit more comfort (or complexity, depends on your viewpoint) will probably be better off with such software, though.

Uwe.

Thunderbird and Enigmail

Yeah - I use Thunderbird and Enigma for this on a public mail server :) So it is effectively encrypted, always available and I can search for accounts by mail subject in my "accounts" IMAP folder. That's quite cool - because I'm able to access from several trusted machines I work on, without carrying files around.