On 2018-03-11 04:21, Anselm Garbe wrote:
On 10 March 2018 at 06:08, Markus Teich <markus.te...@stusta.mhn.de> wrote:
Should be fine, but the salt should not be secret (you need to sync it
between devices where you want to use this system after all). The point is that you can give your encrypted database as it is stored on disk to anyone
and they would not be able to derive anything (you care about) from it
without the master password. Depending on what you care about, the whole
[..]

In the end the master password should be the only thing that needs to be
kept secret and you can easily "sync" that between devices by remembering
it. ;)

I tried to grasp the overall suggestion, but how is that different to
a single text stream of the format:

user@domain: password\n*

being encrypted using your own PGP public key into a single file? Each
time you want to know a username or password, you decrypt the file,
look it up and are done with it.

Are you concerned about portions becoming decrypted in memory on your
local host?

Using a single file encrypted with gpg would certainly work too. You just
have to be a bit more careful with the handling as you risk leaking the
complete file instead of just a single password. For example the file
needs some structure that you may want to enforce to some degree to make
it usable for tools like selecting and pasting your password into login
forms. In my experiment I found it easier to have one file per key (e.g.
domain) and then use the first line as the canonical password while
additional lines could be used for those annoying security questions some
websites require or other related information.

--Markus
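
Added example, not part of the original mails or of any tool mentioned in the thread: a sketch of the structure checks for the two layouts discussed above, the single `user@domain: password` stream and the one-file-per-key layout with the password on the first line. It assumes the plaintext has already been decrypted (e.g. by gpg); the function names and sample data are constructed for illustration.

```python
# Added example; operates on plaintext assumed to be already decrypted (e.g. by gpg).
# Function names and all sample data below are constructed for illustration.

class FormatError(ValueError):
    """Raised without echoing the offending line, so secrets stay out of logs."""

def parse_stream(plaintext):
    """Single-file layout: one 'user@domain: password' record per line."""
    entries = {}
    for lineno, line in enumerate(plaintext.split("\n"), 1):
        if line == "":
            continue
        # Split on the first ': ' only, so passwords may contain ': ' themselves.
        key, sep, password = line.partition(": ")
        if not sep or "@" not in key or password == "":
            raise FormatError(f"line {lineno}: expected 'user@domain: password'")
        if key in entries:
            raise FormatError(f"line {lineno}: duplicate key")
        entries[key] = password
    return entries

def lookup_stream(plaintext, key):
    """Return (password, number of other records decrypted alongside it)."""
    entries = parse_stream(plaintext)
    return entries[key], len(entries) - 1

def parse_entry(plaintext):
    """One-file-per-key layout: first line is the password, later lines are notes."""
    lines = plaintext.split("\n")
    if lines[-1] == "":
        lines.pop()  # drop the final newline only; trailing spaces may belong to the password
    if not lines or lines[0] == "":
        raise FormatError("first line must hold the password")
    return lines[0], lines[1:]

STREAM = "alice@example.org: hunter2: with colon\nbob@example.net: s3cret\n"  # constructed
ENTRY = "s3cret\nfirst pet: rex\n"  # constructed; the file for key 'example.net'

if __name__ == "__main__":
    print(lookup_stream(STREAM, "bob@example.net"))
    print(parse_entry(ENTRY))
```

In the single-file layout every lookup has the whole set of records in memory, which is the leak risk described above; the per-key layout only ever exposes the one entry that was decrypted.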
