On Tue 25 Oct 2016 at 08:43:15 (+0200), deloptes wrote:
> Ben Finney wrote:
>
> > I prefer integration to all applications on the desktop: i.e., the
> > program should simply place the passphrase in the clipboard, allowing me
> > to paste it into whatever form I visit. That covers the browser as well.
>
> I've been using gpg since 2002 and never heard of PassStore or pass or
> whatever. But through all those years I used the kwallet and now tdewallet.
> Exactly because it is integrated into the system/desktop.
>
> The idea to upload encrypted password on some cloud service is scary, but
> perhaps I am a bit old fashioned. Passwords are usually kept in a safe
> place. Especially private keys are not meant to be shared .... so I did not
> understand what are you doing with your private gpg key? Do you have it
> printed on paper?
>
> I think what you are describing is a bit of useless, but a summary of all
> password managers and storage systems is still pretty useful. With my
> previous post I wanted to point out that completeness is what I would
> expect from a debian wiki article. You can save the filtering criteria for
> yourself. Let the people decide by providing information on the key
> features of each application.

Eh? Getting information on these packages is all too easy. What's more
difficult is mining people's knowledge of whether these key features are
beneficial, disadvantageous, a security risk, or just neutral, nice to have.

I knew about pass: it contains the string "password manager" in its
description. Perhaps you missed it because it has no tags in the Packages
file, not one. Anyway, the full description reads:

"lightweight directory-based password manager
"Stores, retrieves, generates, and synchronizes passwords securely using
gpg, pwgen, and git."

I can't see the point in just duplicating that information on a wiki page.
There's a list of possibilities at
https://wiki.archlinux.org/index.php/List_of_applications/Security#Password_managers
and you know that their websites will trumpet their key features.

But I can see the added value in running that information past a set of
criteria like "The database must be in a format already known to be readable
by other, mature, well-maintained software" to quote just one. That sort of
knowledge is what gets discussed here, and a summary in one place would be
very useful. It might look like the sort of grid often seen in Wikipedia
(though it might need a lot of footnotes explaining why it passed/failed to
come up to scratch).

Cheers,
David.