
Re: comparing password managers in Debian, synchronizing on multiple devices



On Tue 25 Oct 2016 at 08:43:15 (+0200), deloptes wrote:
> Ben Finney wrote:
> 
> > I prefer integration to all applications on the desktop: i.e., the
> > program should simply place the passphrase in the clipboard, allowing me
> > to paste it into whatever form I visit. That covers the browser as well.
> 
> I've been using gpg since 2002 and never heard of PassStore or pass or
> whatever. But through all those years I used the kwallet and now tdewallet.
> Exactly because it is integrated into the system/desktop.
> 
> The idea to upload encrypted password on some cloud service is scary, but
> perhaps I am a bit old fashioned. Passwords are usually kept in a safe
> place. Especially private keys are not meant to be shared .... so I did not
> understand what you are doing with your private gpg key? Do you have it
> printed on paper?
> 
> I think what you are describing is a bit useless, but a summary of all
> password managers and storage systems is still pretty useful. With my
> previous post I wanted to point out that completeness is what I would
> expect from a debian wiki article. You can save the filtering criteria for
> yourself. Let the people decide by providing information on the key
> features of each application.

Eh? Getting information on these packages is all too easy. What's more
difficult is mining people's knowledge of whether these key features
are beneficial, disadvantageous, a security risk, or just neutral,
nice to have.

I knew about pass: it contains the string "password manager" in its
description. Perhaps you missed it because it has no tags in the
Packages file, not one. Anyway, the full description reads:
"lightweight directory-based password manager
"Stores, retrieves, generates, and synchronizes passwords securely
 using gpg, pwgen, and git."

I can't see the point in just duplicating that information on a wiki
page. There's a list of possibilities at
https://wiki.archlinux.org/index.php/List_of_applications/Security#Password_managers
and you know that their websites will trumpet their key features.

But I can see the added value in running that information past
a set of criteria like "The database must be in a format already known
to be readable by other, mature, well-maintained software" to quote
just one. That sort of knowledge is what gets discussed here, and
a summary in one place would be very useful. It might look like
the sort of grid often seen in Wikipedia (though it might need a
lot of footnotes explaining why it passed/failed to come up to
scratch).

Cheers,
David.

