BEGIN:VCALENDAR
PRODID:-//Google Inc//Google Calendar 70.9054//EN
VERSION:2.0
CALSCALE:GREGORIAN
METHOD:REQUEST
BEGIN:VEVENT
DTSTART:20090321T010000Z
DTEND:20090321T020000Z
DTSTAMP:20090922T181711Z
ORGANIZER;CN=Gordian Klein:mailto:gordian.kl...@googlemail.com
UID:a04926ad-ef36-49e7-93b5-40f74c2b0102
ATTENDEE;CUTYPE=INDIVIDUAL;ROLE=REQ-PARTICIPANT;PARTSTAT=NEEDS-ACTION;RSVP=TRUE;CN=GnuPG Users;X-NUM-GUESTS=0:mailto:gnupg-users@gnupg.org
ATTENDEE;CUTYPE=INDIVIDUAL;ROLE=REQ-PARTICIPANT;PARTSTAT=NEEDS-ACTION;RSVP=TRUE;CN=gerry_lowry (alliston ontario canada);X-NUM-GUESTS=0:mailto:gerry.lo...@abilitybusinesscomputerservices.com
CREATED:20090922T181710Z
DESCRIPTION:Hi!\n\n
 gerry_lowry (alliston ontario canada) wrote:\n
 > Sven Radde wrote\, in part:\n
 > \n
 > "... there are more usable ways of managing one's passwords\n
 > than storing them in a GnuPG file".\n
 > \n
 > I'm curious what "more usable ways" there are that Sven and others\n
 > can recommend.\n\n
 /First of all\, @Listowner: Let me know if this should be taken off-list\n
 because it's too OT.../\n\n
 I mean tools like Keepass/KeepassX\, PasswordSafe\, or similar (even the\n
 Firefox password manager can encrypt stored passwords with 3DES and a\n
 master password). I also mean a Truecrypt volume or loopback container\n
 for storing the password file. For Linux\, encfs or ecryptfs come to\n
 mind\, too.\n\n
 The reasons are as follows: With GnuPG\, you have encrypted one file. To\n
 be secure\, you must now delete the original copy\, which is not easy in\n
 itself\, although recent research [1] seems to show that a single\n
 overwrite is sufficient for secure wiping. Didn't we have a discussion\n
 about secure deletion not too long ago?\n\n
 Now\, to access your encrypted passwords\, you need to decrypt the file\,\n
 resulting in an unencrypted version of it on your drive. When you are\n
 done\, you have to securely delete it again. If you have modified the\n
 file\, you have to remember to encrypt it between having saved the\n
 changes and deleting it.\n\n
 Of course\, you can set the thing up in a way that the unencrypted file\n
 is written to a RAM-only disk\, but keep hibernation and swapfile issues\n
 in mind.\n\n
 You can also have GnuPG output the data to the console only\, if you just\n
 have to read a password (I have no idea if there are possibilities that\n
 console output finds its way into logfiles or similar\, though). Depending\n
 on the size of your password file\, you have quite a number of lines\n
 written to the console where you have to find the password that you need\n
 for the moment. If you'd format the file like:\n
 purpose1 -> password1\n
 purpose2 -> password2\n
 you could do something like "gpg passwords.gpg | grep purpose2" to find\n
 the password you need.\n\n
 As mentioned\, some shellscripts could automate the process (create a\n
 ramfs mountpoint\, decrypt the password file to there\, grep it to find a\n
 desired password\, or launch a text editor\, re-encrypt the file after the\n
 editor closes\, unmount the ramfs).\n\n
 KeepassX\, e.g.\, supports organizing your password file into groups\,\n
 adding metadata such as URLs to the passwords\, comfortable hotkeys\,\n
 integrated random password generator\, password entropy estimation etc.\n
 The main difference\, though is the transparent way to access your\n
 passwords (this is also true for Truecrypt and the other mentioned\n
 encrypting filesystems): Enter the master-password\, work with the\n
 password file(s)\, lock the storage again. Done. No unencrypted copy on\n
 disk\, ever (apart from the abovementioned swapfile and hibernation).\n\n
 Given these tools I also disagree with the notion that "frequently used\n
 passwords reside in one's memory" (although I remember quite some\n
 passwords\, myself). Password-reuse is one of the greatest problems with\n
 passwords (and\, btw\, becomes quite infeasible once you have to deal with\n
 varying complexity-policies\, different expiration-intervals etc) and\n
 passwords you have to remember tend\, in general\, to be weaker than those\n
 that you don't have to remember.\n
 With Keepass\, you can have a different 20-character pseudo-random\n
 password for every stupid web forum (not to mention the more important\n
 things). It just doesn't matter whether your password is "123" or\n
 "las2ieu7hxalm5iuemalie" if it's just pressing "Ctrl-Shift-A" to\n
 auto-type username and password into the login form.\n\n
 I do not mean to endorse specific pieces of software here\, nor do I mean\n
 to belittle GnuPG. But I think you need the right tool for the right task.\n
 And GnuPG IMHO has its strengths not in providing protection to\n
 frequently accessed (and modified) files.\n
 If you need to archive a backup copy of your passwords on a remote\n
 server\, that's a wholly different issue\, though. GnuPG will do an\n
 excellent job there and digital signatures are even a bonus.\n\n
 cu\, Sven\n\n
 [1] http://www.springerlink.com/content/408263ql11460147/ --\n
 unfortunately only the abstract is free for general access\n\n
 _______________________________________________\n
 Gnupg-users mailing list\n
 gnupg-us...@gnupg.org\n
 http://lists.gnupg.org/mailman/listinfo/gnupg-users\n
 View your event at http://www.google.com/calendar/event?action=VIEW&eid=X2M0bzM4ZTlpNnBnbThiYjVjb3BqY2I5azc1aWplYjlwNmRoM2FiOWs2MWozZWQzMzY5aDMwYzlnNjggZ251cGctdXNlcnNAZ251cGcub3Jn&tok=MjgjZ29yZGlhbi5rbGVpbkBnb29nbGVtYWlsLmNvbWE4ZDVjMmRjZmE0ZWNkNTBiMGI1M2VhZjUxNzA2NDEyN2MzOTNlM2E&ctz=Europe%2FBerlin&hl=de.
LAST-MODIFIED:20090922T181711Z
LOCATION:
SEQUENCE:0
STATUS:CONFIRMED
SUMMARY:How secure asymmetric encryption to yourself?
TRANSP:OPAQUE
CATEGORIES:http://schemas.google.com/g/2005#event
END:VEVENT
END:VCALENDAR
invite.ics
Description: application/ics