Thursday, October 25, 2007

A better password security method

I mentioned before my method for choosing extremely random, hard-to-remember passwords, and I have also made a quick guide to TrueCrypt hard drive encryption. Now that you may be familiar with both and aren't losing data to forgotten passwords, heh heh heh, let's take a look at an application that lets us secure the tough passwords the computer generates behind but one phrase and a keyfile.

http://keepassx.sourceforge.net/
http://keepass.info

KeePass is a great open-source password locker. What are the advantages of a password locker?

1. It generates strong 20-character/160-bit passwords, similar to our dice technique, using the computer's Rand() functions, and at the same time it has an auto-type feature, so you never have to type these long, complex passwords.
2. It stores these passwords in a database encrypted with AES or Twofish. It encrypts all content, including its many information fields (username, notes and title).
3. You can lock the use of a particular database to a particular set of computers using a keyfile.
4. The two programs fit on your USB drive, so you can access your passwords while browsing on Linux and Windows computers (provided you have the keyfile).

Disadvantages
1. You have to carry the database.
2. If you lose the database, password or keyfile, you will have to manually reset all of your website passwords, ouch.
3. If you tie your database to a local keyfile, then you can't access websites and other utilities from a foreign computer.

Procedure to maximize benefits:

We want to be able to access our websites anywhere while keeping our really important websites, like banking, tied to our personal computer. The way we do this is by creating two password databases. I'll call the first database the propagating database, because technically you can just copy the database and access it anywhere with the right password.

To set up the propagating database you just need a USB drive and the two programs.
1. Install the two programs on your USB drive. You can also keep them installed on any local computers you have; Ubuntu, for instance, comes with it pre-installed.
2. Set up the database with a long passphrase like the ones we created in my other tutorial.
3. Put your personal mail, forums, and any other insecure websites that you routinely surf on that campus or library computer into it, and keep this database on your USB drive. For paranoia's sake you will want to keep this list small and selective. A good rule might be that any website or external computer that has more security than your personal computer should stay off the propagating database, on the basis that bringing those credentials over to a computer that could possibly have a keylogger is a bad thing. Mail, forums, and other non-money websites are insecure, whereas banks (I pray) and online stores (I hope) are more secure than your home computer. It's also worth mentioning that you should maintain your security applications to keep a keylogger from getting onto your home system. You should also consider changing the passphrase on your database often.

The other database I will call the fixed database. Remember, however, that the fixed database is as vulnerable to being snatched as your propagating one; they are both kept on the USB drive. The fixed database is fixed because it has the added security of a keyfile. A random cracker who doesn't have some sort of access to the keyfile probably won't be able to access the data. Therefore, the database is fixed to your home computer even while a copy of it might be held captive on some seedy server in Russia!
1. Do all of the steps for a propagating database.
2. Generate a keyfile using TrueCrypt:
manuel# truecrypt --keyfile-create /home//newkey.file
3. You can creatively label your keyfile '12 Weird Al - Polka Party.mp3' or some other obscurity and hide it in a folder.
4. Instead of just creating a strong passphrase, check the 'use password and keyfile' option.
Now tie all of your fixed passwords to this database. If you work away from home and there is another secure computer you wish to use the fixed database on, you can copy your keyfile to that computer as well.
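As an added example (not code from this post or from KeePass itself), here is how the passphrase and the keyfile combine into one master key, which is why a copied database is useless without the file. The combination rule (SHA-256 of each credential, then SHA-256 of the concatenation, with the 32-byte / 64-hex / other keyfile cases) is KeePass's documented rule as I know it rather than something this post states; the sample passphrase, the disguised file name and the demo() function are constructed for illustration.

```python
import hashlib
import os
import tempfile
from typing import Optional

def key_file_component(data: bytes) -> bytes:
    """Reduce keyfile contents to 32 bytes, following the rule KeePass documents
    (my knowledge of KeePass, not this post): exactly 32 bytes are used raw,
    64 hex characters are decoded, anything else is hashed with SHA-256.
    A 64-byte random file, as truecrypt --keyfile-create writes, hits the last case."""
    if len(data) == 32:
        return data
    if len(data) == 64:
        try:
            return bytes.fromhex(data.decode("ascii"))
        except (UnicodeDecodeError, ValueError):
            pass  # not hex text; fall through to hashing
    return hashlib.sha256(data).digest()

def composite_key(passphrase: str, key_file: Optional[bytes] = None) -> bytes:
    """SHA-256 of each credential, concatenated (password first), hashed again.
    KeePass then feeds this into its key-transformation rounds and AES/Twofish;
    that part is not reproduced here."""
    material = hashlib.sha256(passphrase.encode("utf-8")).digest()
    if key_file is not None:
        material += key_file_component(key_file)
    return hashlib.sha256(material).digest()

def new_key_file(path: str, size: int = 64) -> bytes:
    """Write `size` random bytes: the job truecrypt --keyfile-create does in the post."""
    data = os.urandom(size)
    with open(path, "wb") as f:
        f.write(data)
    return data

def demo() -> dict:
    """One passphrase, three situations: the fixed database (passphrase + keyfile),
    the propagating database (passphrase only), and a thief who has the
    passphrase and the database copy but the wrong keyfile. All three differ."""
    phrase = "dice rolled pass phrase from the other tutorial"  # constructed sample
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "12 Weird Al - Polka Party.mp3")  # disguise from the post
        new_key_file(path)
        with open(path, "rb") as f:
            key_file = f.read()
    return {
        "fixed": composite_key(phrase, key_file),
        "propagating": composite_key(phrase),
        "wrong_keyfile": composite_key(phrase, os.urandom(64)),
    }
```

Whoever copies the database off the USB drive and guesses the passphrase still lands on the "wrong_keyfile" key, not the "fixed" one, so the ciphertext stays closed.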