# Secure Password Manager in Portage [SOLVED]

## graffitici

Hi all,

I used to have a program on my PDA for storing all my sensible information (like online account passwords, credit card numbers). I have decided that I want to move all that data to my laptop, but I can't find a good program to manage it. In portage, I could only find 'revelations' whose development seems to be pretty active. However I don't use GNOME, and that ebuild has 80MB of requirements (includes nautilus, metacity etc.). So before I emerged all of that just for revelations, I want to ask whether it is going to be worth it.

What do you think is the most secure (and easy to use) password manager program? It doesn't have to be an X program.

Cheers,

Berk

Last edited by graffitici on Tue Jan 22, 2008 3:00 am; edited 1 time in total

----------

## Hu

A fairly simple solution would be to store the passwords in a text file and protect the text file with app-crypt/gnupg.  You can use symmetric encryption of the file or a password-protected key to protect it.  Combine that with an encrypted swap partition to ensure that any swapped data cannot be recovered via a LiveCD if the hardware is stolen.

----------

## schachti

I'm using kde-misc/pwmanager, and you also can have a look at app-misc/tkpasman.

----------

## skellr

app-admin/keepassx

It uses qt4 (built with qt3support). The Keepass development is active so that's a good sign, there are a lot of dead projects out there.

----------

## graffitici

Thanks to everyone for their replies. I checked out all of the proposed programs. Although they all look very promising, I think I will go for the simple gnupg solution after all. The main reason is that I don't want to commit to any single program, since they can stop being developed at any point. The GnuPG project on the other hand provides a very solid foundation, and I can be sure that if a certain attack is found for any one of the many algorithms provided, they will be the first one to implement a solution.

I have seen some Vim scripts that provide support for GnuPG that will make things easier (I don't like the built-in :X command either, since it stores the string "VimCrypt" at the header, giving information about the type of encryption used). I think encrypting the swap partition would be too much at this point. Since the files that I'm writing will be mostly read as opposed to changed, I can write a few convenience shell scripts that can selectively print out some parts of it on the command-line. As far as I know, there's no way to recover the terminal buffer (please correct me if I'm wrong).

Again, thanks to all for their replies...

----------

## Hu

Text in the terminal buffer is part of memory in some process.  Memory can be written to swap if the system needs that memory for some other purpose.  That is why I recommended an encrypted swap partition.  If the swap partition is encrypted with a random key, then all swapped content, including any terminal contents, is lost(*) when the system is halted.

If swap is encrypted, you can write the plaintext file to a tmpfs to avoid writing any plaintext to the hard drive.  If you write an unencrypted copy of the file to any normal partition, it will be written to the hard disk in plaintext.  This could be recovered by an attacker who obtained the hard drive and searched the drive for printable strings.

(*) A sufficiently advanced attacker could try to break the encryption on the swap partition to recover the text.  However, any attacker with sufficient resources to do that probably has easier ways of obtaining the information.

----------
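The last reply's condition (plaintext only on tmpfs, and only when swap is encrypted) can be checked before decrypting. The script below is an added example, not part of any post in this thread. It assumes Linux and that encrypted swap is a dm-crypt mapping; the function names and the file names in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example. Assumptions: Linux; encrypted swap is a dm-crypt mapping,
# whose sysfs dm/uuid starts with "CRYPT-". The file arguments default to the
# live /proc and /sys and exist so fixtures can be passed in.

# fs_type_of DIR [MOUNTS]: filesystem type of the mount that contains DIR.
# DIR must be an absolute path with symlinks already resolved.
fs_type_of() {
    dir=$1 mounts=${2:-/proc/mounts}
    awk -v d="$dir" '
        { mp = $2
          if (mp == "/" || d == mp || index(d, mp "/") == 1)
              if (length(mp) >= best) { best = length(mp); t = $3 } }
        END { print t }' "$mounts"
}

# swap_unencrypted [SWAPS] [SYSFS]: print every active swap area that is not
# a dm-crypt device. Swap files are always reported (conservative).
swap_unencrypted() {
    swaps=${1:-/proc/swaps} sysfs=${2:-/sys}
    tail -n +2 "$swaps" | while read -r name type rest; do   # skip header
        if [ "$type" = partition ]; then
            node=$(basename "$(readlink -f "$name")")  # /dev/mapper/x -> dm-N
            uuid=$(cat "$sysfs/block/$node/dm/uuid" 2>/dev/null || true)
            case $uuid in CRYPT-*) continue ;; esac
        fi
        echo "$name"
    done
}

# safe_scratch DIR [MOUNTS] [SWAPS] [SYSFS]: succeed only if plaintext written
# to DIR stays in RAM or reaches disk encrypted.
safe_scratch() {
    [ "$(fs_type_of "$1" "${2:-/proc/mounts}")" = tmpfs ] || {
        echo "$1 is not on tmpfs" >&2; return 1; }
    bad=$(swap_unencrypted "${3:-/proc/swaps}" "${4:-/sys}")
    [ -z "$bad" ] || { echo "unencrypted swap: $bad" >&2; return 1; }
}

# Usage (hypothetical file names):
#   safe_scratch /dev/shm && gpg --output /dev/shm/pw.txt --decrypt pw.txt.gpg
```

The check is deliberately strict: a swap file, or a swap partition that is not a dm-crypt mapping, causes a refusal.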

