# Password Safe recommendation

## Tony0945

I installed apt-crypt/gorilla as it seemed ideal. However, I found that I can't cut and paste my existing passwords into the database although one is supposed to get them out via clipboard.

That makes transferring long randomly generated passwords difficult, if not impossible, without error.

KeepassXC sounds good but I absolutely don't want any passwords stored in "the cloud" no matter how supposedly secure.

Right now I'm using a combo of browser password storage for forums, blogs, and shopping and a plain text file in /home for banking/brokerage. 

I'd like to increase my security but since my data has been lost "in the cloud" by the Experian breach, the US Postal Service employee data breach and the Citibank data breach, I have zero confidence in off-site storage.

Looking for recommendations, please.

----------

## mike155

 *Quote:*   

> KeepassXC sounds good but I absolutely don't want any passwords stored in "the cloud" no matter how supposedly secure. 

 

Why do you think KeePassXC stores passwords in the cloud? 

I use KeePassXC every day and it stores passwords in an encrypted file on my disk. I really like KeePassXC. It's great!

----------

## PeterF

I haven't experienced the copy/paste issue described. Been using gorilla for a few years in a KDE environment. As I use accounts I move them from my plain text file into the database gorilla is managing. Quick test and I'm able to paste into all the fields of a new login. Not sure how to resolve for you, but wanted to share that it should be working the way you want.

----------

## Ant P.

app-admin/pass and www-plugins/passff work for me.

----------

## Tony0945

 *mike155 wrote:*   

> Why do you think KeePassXC stores passwords in the cloud? 

 

My mistake, that was LastPass. Keepass and derivatives depend on dbus. Not a fatal flaw, but one that puts it down the list as I try to keep Red Hat code off my machines as much as possible.

Gorilla is supposed to be drag and drop but for some reason it is not for me. I have no training in the language it's written in so I can't debug it.

I could easily write a drag and drop interface, but have no knowledge of the encryption algorithms and don't want to make a mistake with them.

Why does Keepass use dbus? That's for inter-program communication, certainly not needed for drag and drop which is X11.

----------

## mike155

 *Quote:*   

> Why does Keepass use dbus? 

 

I wish we could disable the D-Bus interface of KeePassXC. Unfortunately, KeePassXC developers do NOT agree:

https://github.com/keepassxreboot/keepassxc/issues/828

https://github.com/keepassxreboot/keepassxc/wiki/Using-DBus-with-KeePassXC

When will people learn that you get less security the more features or interfaces you add?

On the other hand: as long as people use KeePassXC in X11 mode (instead of Wayland mode), we don't have to worry about security bugs in the D-Bus interface...

----------

## Tony0945

 *mike155 wrote:*   

>  *Quote:*   Why does Keepass use dbus?  
> 
> I wish we could disable the D-Bus interface of KeePassXC. Unfortunately, KeePassXC developers do NOT agree:
> 
> https://github.com/keepassxreboot/keepassxc/issues/828
> ...

 

Wow! That thread reveals an attitude by the developers that really puts me off. Also do not want browser integration. My browsers (firefox and palemoon) already store passwords. Don't feel that's secure.

----------

## pjp

app-admin/passwordsafe

I've been using since long before most cloudy options were created (or certainly before I was aware of them).

----------

## AJM

Another vote for app-admin/pass. I've only started using it fairly recently but I like it because:

- It runs in a console so I can easily access my passwords from anywhere via ssh
- It's basically a small shell script around gpg (and optionally, git), no homebrew encryption
- No reliance on third parties, i.e. cloud
- Minimal dependencies

----------

## Tony0945

 *pjp wrote:*   

> app-admin/passwordsafe

 

Looks like a wxGTK version of Gorilla. That's good. I have a chance to debug it if there's a problem and have a chance to port it to windows with wxMSW.

----------

## pjp

 *Tony0945 wrote:*   

> and have a chance to port it to windows

  There is already a Windows version (I think that's where it started).

----------

## Tony0945

 *pjp wrote:*   

>  *Tony0945 wrote:*   and have a chance to port it to windows
> 
> There is already a Windows version (I think that's where it started).

 

The Web site says it only supports Win 7 and up.

----------

## pjp

Does Microsoft support 7?

They have "older versions" of 64-bit, 32-bit and XP (available after going to the download page).

----------

## Tony0945

 *pjp wrote:*   

> Does Microsoft support 7?

 

Who cares? I haven't downloaded their "fixes" in years. Not since one screwed up my computer so bad I had to wipe the disk and re-install.

How many years has it been since they released XP? How many bug fixes and now they say it's hopeless? Get on the win 10 train and let us rummage around your files and delete what we think is illegal or malware? No thanks. XP had a nice clean interface and I'm keeping it.

It's dangerous to go on the web? True, but a lot depends on what you do. Is accessing this forum dangerous? Is logging in to my bank dangerous?

Microsoft's development process involves thousands of programmers working in isolation so that only a few know how it fits together. That's a recipe for unending bugs. The bug fixers introduce new bugs because they don't know how their changes affect other code.  No thanks. 

I'd drop the whole thing if there still weren't two programs that I use almost daily. Yes, there are similar Linux programs, but I don't like them as well. Oh, and I have an old old image manipulation program, Vueprint, that I love. Gimp could do it all and more but I hate gimp. It's too big and complex.

Vuescan also works better than hpscan on Linux. Surely there is no risk in scanning a document into a pdf without ever going near the internet.

 *pjp wrote:*   

> They have "older versions" of 64-bit, 32-bit and XP (available after going to the download page).

 

Good to know, although I'd prefer to recompile from code (I am addicted to Gentoo). It's even possible that the newer version runs just fine on XP. Many developers automatically dropped XP from their lists for the reason you cite. I was talking to a support person for one who recommended upgrading to v5 of their program. I had originally bought v3 and paid for an upgrade to v4 when it came out. I told him I would but it requires Win7+. He hesitated and told me, "We don't advertise it but it runs on XP too." I bought v5 and sure enough, it does run fine.

----------

## Jaglover

XP and banking? No, thanks. I live happily without Windows. I do have a Hackintosh for some tasks, though. An i3, 8 GB RAM, 500 MB drive. Cost - $99 from eBay, free shipping. Anybody can afford that.

----------

## Ant P.

 *Tony0945 wrote:*   

> It's dangerous to go on the web? True, but a lot depends on what you do. Is accessing this forum dangerous? Is logging in to my bank dangerous?

 

It might be if you use an OS vulnerable to DNS spoofing (no DNSSEC) and SSL spoofing (system certificates from crooked vendors like Symantec)…

----------

## Tony0945

 *Ant P. wrote:*   

>  *Tony0945 wrote:*   It's dangerous to go on the web? True, but a lot depends on what you do. Is accessing this forum dangerous? Is logging in to my bank dangerous? 
> 
> It might be if you use an OS vulnerable to DNS spoofing (no DNSSEC) and SSL spoofing (system certificates from crooked vendors like Symantec)…

 

I'm sure you know more about it than I, but aren't those browser functions rather than OS functions?

BTW, the only time my credit card data was stolen by a website was recently under Gentoo.

----------

## Jaglover

Incompetent web site maintainers and/or phishing have nothing to do with your OS.

----------

## Ant P.

The browser traditionally uses the system trust store and/or TLS libraries on Windows because enterprise people demanded to have one place to configure MITM stuff for their deep packet inspection firewalls. That's no longer tradition due to the various Symantec/Comodo/StartCom/CNNIC forgery scandals, hardware drivers installing CA roots with leaked private keys, and all the SSL weaknesses revealed in the past few years.

It'll be a good idea to test your browser to see how it's affected by this: https://www.ssllabs.com/ssltest/viewMyClient.html

----------

## Tony0945

 *Ant P. wrote:*   

> The browser traditionally uses the system trust store and/or TLS libraries on Windows because enterprise people demanded to have one place to configure MITM stuff for their deep packet inspection firewalls. That's no longer tradition due to the various Symantec/Comodo/StartCom/CNNIC forgery scandals, hardware drivers installing CA roots with leaked private keys, and all the SSL weaknesses revealed in the past few years.
> 
> It'll be a good idea to test your browser to see how it's affected by this: https://www.ssllabs.com/ssltest/viewMyClient.html

 

Thanks for the link. Browser passed pretty good. Not quite as good as on Linux where the version is 28.2.2, XP version is 27.9.4 because I'm having trouble porting 28.2.2. It's not available as a binary download because "Microsoft no longer supports XP". So I should "upgrade" (downgrade it looks like to me) to crappy Win 7 or hideous Win 8 or spyware Win 10? I think not.

Anyway, I don't want to sidetrack this thread.

I did find out why Gorilla was not acting right when portage tried to upgrade virtualbox. They are using incompatible versions of tk or tcl, I forget which.

----------

## Ant P.

If you want old Windows but also security fixes, maybe ReactOS would be worth a try?

----------

