[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: comparing password managers in Debian, synchronizing on multiple devices

I think a table; something like this would be prudent. I only know about FPM2 as that is what I use, would be interesting in seeing a summary of alternatives.

Password Manager
 Supports snycing
 Features
FPM2
 No
 Cipher: ACS-256
- Generates passwords up to 255 characters long, with options for numbers, symbols and avoiding ambiguous characters (1 and I etc.)
- Password categories and filtering
- Search on typing
- Store addition reference information (url, notes, username)
- Password launchers
- Copy password to Primary selection or clipboard without showing it.
- Can use a key file
- Export/Import passwords to/from XML for moving between managers

About syncing, I use Mega.nz, because client side encryption, but some inbuilt syncing system would be better, ideally peer to peer, so it never leaves my devices.

On 25/10/16 06:44, deloptes wrote:
Daniel Pocock wrote:



On 24/10/16 13:05, Daniel Pocock wrote:


There have been various discussions in here and in some derivative
projects like Ubuntu about choosing and using password managers,
especially the way to sync their password lists across multiple devices.

Given the way we do things in Debian it is important not to depend on a
service like Dropbox to sync the password files.

Therefore, how are people choosing a password manager and solving this
in practice?

- which password managers have a built-in mechanism for synchronizing or
merging password lists on multiple devices?

- who is using some other mechanism such as Git or ownCloud to sync?

I've made a list of some of the password managers in Debian:

https://packages.qa.debian.org/a/assword.html
https://packages.qa.debian.org/p/password-gorilla.html
https://packages.qa.debian.org/p/password-store.html
https://packages.qa.debian.org/r/revelation.html
https://packages.qa.debian.org/k/keepass2.html
https://packages.qa.debian.org/k/keepassx.html
https://packages.qa.debian.org/k/kedpm.html
https://packages.qa.debian.org/f/fpm2.html
https://packages.qa.debian.org/c/cpm.html
https://packages.qa.debian.org/p/passwordsafe.html

There are quite a few and so it is hard for somebody to know the best
place to start, maybe a comparison table in the wiki will be needed.

Wiki now created:

https://wiki.debian.org/PasswordManagement



Some other factors that come to mind for a comparison table:

- support for PGP
- support for other strong crypto (e.g. smartcard)
- merging algorithm for multiple devices
- multi-user / team capabilities
- browser integration

I notice that Tails chose to include KeePassX, although there is some
uncertainty how it was selected:

https://labs.riseup.net/code/issues/9231

Can anybody comment on its history there?


What about the wallet? In KDE4 and former KDE3 now Trinity Desktop we use
the kwallet now tdewallet to store the passwords. I know gnome has also
one, but I don't know it's name. I think each desktop has or should have a
kind of integrated password manager. It is worth mentioning this.

https://userbase.kde.org/KDE_Wallet_Manager
https://utils.kde.org/projects/kwalletmanager/
https://en.wikipedia.org/wiki/KWallet

regards

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to: