frustrate shouldservers

Tim Chase blinux.list at thechases.com
Sat Feb 4 18:40:50 UTC 2017


On February  4, 2017, Eric Oyen wrote:
> This may be a bit extravagant when it comes to keeping your
> passwords safe and usable by you, but it certainly would frustrate
> someone seeking to breach your machine with physical access.

I strongly recommend using a password manager that allows you to keep
many unique strong passwords for you, all behind standard-compliant
encryption.

I recommend KeePassX if it's accessible to you.  There's "kpcli"
which is supposedly a CLI interface to the KeePassX (or
"KeePass"?) database, though I don't know which features it
includes.  There are also other various password managers.

As a fall-back, I recommend a plain-text file that you encrypt with
GPG using a single strong password.  I wrote up an article about
doing this with the "ed" editor

  http://tim.thechases.com/posts/cli/using-ed1-as-a-password-manager/

but the principle holds for most editors.  Just make sure that you
disable your editor's swap-file and storage of copied text if it uses
one, such as vim (though Vim has some nice GPG extensions that
disable such settings and marshal the file through GPG as you read &
write it).  In this case, you do need to beware of people reading
over your shoulder, but if you're completely blind, you can just
disable/disconnect the screen (and if you have some sight, you should
be able to use something like KeePassX).

-tim
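
The GPG fall-back described in the message above, sketched as a shell wrapper. This is an added example, not code from the original post or the linked article; the names pwedit and private_workdir and the default path ~/.passwords.gpg are assumptions, and it uses Vim with its swap file, viminfo, backup and undo files turned off.

```shell
#!/bin/sh
# Added example: edit a symmetrically encrypted password file so that the
# plaintext exists only in a private scratch directory while it is edited.
# Assumed names: pwedit, private_workdir, ~/.passwords.gpg.

# Create a scratch directory readable only by the current user, preferring
# RAM-backed /dev/shm so the plaintext does not have to touch the disk.
private_workdir() {
    base=/tmp
    [ -d /dev/shm ] && [ -w /dev/shm ] && base=/dev/shm
    ( umask 077 && mktemp -d "$base/pwedit.XXXXXX" )
}

# Runs in a subshell so the cleanup trap cannot disturb the calling shell.
pwedit() (
    store=${1:-$HOME/.passwords.gpg}
    dir=$(private_workdir) || exit 1
    trap 'rm -rf "$dir"' EXIT        # remove the plaintext on every exit path
    trap 'exit 130' INT TERM
    plain=$dir/plain.txt

    if [ -f "$store" ]; then
        gpg --quiet --decrypt --output "$plain" "$store" || exit 1
    else
        : > "$plain"                 # first use: start with an empty file
    fi
    before=$(cksum < "$plain")

    # -n: no swap file; -i NONE: no viminfo (saved registers and history);
    # the -c settings override any backup/undo options set in the vimrc.
    vim -n -i NONE -c 'set nobackup nowritebackup noundofile' "$plain" || exit 1

    # Unchanged file: leave the existing store alone.
    [ "$before" = "$(cksum < "$plain")" ] && exit 0

    # Encrypt to a new file first, then replace the store, so a failed or
    # cancelled encryption never destroys the previous copy.
    gpg --yes --symmetric --cipher-algo AES256 \
        --output "$store.new" "$plain" && mv -f "$store.new" "$store"
)
```

Source the file and run pwedit, optionally with the path of the encrypted file as its argument.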






