Once upon a time I used a single password everywhere except on few, few exceptions (my system account or SSH key, for example). After some time I realized that that wasn't very clever because a break-in in any of my online accounts could open them all for attack. Not to mention that this was also problematic due to different sites having different password policies and having different trust levels: you surely do not want to share the same password between your mailing list subscriptions — which very often travels in plain text form — and your GPG passphrase!

Since then I have been using a unique complex password for each account... which has turned up to be a more-or-less unmanageable approach given the number of accounts I have. To make this approach less painful, I wrote all the passwords in a GPG-ciphered text file. I then created a pair of dirty scripts to view and edit that safe file, but I have to confess that they are very ugly and are currently broken for a number of reasons. Also, keeping that file on the hard disk was not something I was very keen on; yes, I have a backup, but it is sooo outdated...

However, using such simple ciphered file has its advantages. I can trivially access it from any OS, I do not rely on any password manager utility and I do not need to trust its code to not disclose information. So what have I done?

I've created a little shell script that allows me to consult and modify the passwords database easily; yes, simply put, it is "yet another password manager". However, and as I wouldn't like at all to lose my private SSH/GPG keys, the "secret" database also serves as a repository for these keys.

The idea is to keep all this critical, non-recoverable data in a central place, making backups trivial. For example, I'm planning to stick the script alongside with this sensible data in a little pen drive (or floppy disk) so that it can be stored in a safe place. This way, I will not have that data in the hard disk: it will only be available when I really need it by plugging the pen drive and simply executing the script within it.

Consider the following:
$ mount /safestore
$ /safestore/safestore query some-site
... enter your GPG passphrase ...
... your user-name/password is shown ...
$ unmount /safestore
The above commands could be used to request the user-name and password for some-site.

Or this (assuming the disk is already mounted):
$ /safestore/safestore sync
Which could synchronize the GPG database in the home directory with the one in the external drive.

And what about creating a SSH key and installing it on your home directory?
$ /safestore/safestore ssh-keygen
... answer some questions ...
$ /safestore/safestore ssh-keyinstall key-name
Of course, losing that pen drive could be a very serious issue... but you already have a backup copy of your keys somewhere, right? Also, if the GPG key has a strong passphrase and considering that someone had interest to crack it, you'd have enough time to regenerate your keys, revoke the old ones and update your passwords before he'd get any data out of the ciphered drive.

I'm curious to know how people manages this stuff themselves. At the moment I am not planning to publish the script because it is very customized to my needs but I may easily change my mind if there is interest in it.

Subscribe via RSS · Go to posts index

   Delivered by FeedBurner

Comments from the original Blogger-hosted post: