LinuxQuestions.org


alaios 09-20-2010 04:21 AM

Where do you store your bank accounts passwords?
 
Hello everyone.
I need some tips on how to securely store my bank account numbers.
First I think it might be useful to let you know that so far I have 3 banks with different passwords for different things (on-line banking, PIN cards, etc.) and thus it is not easy to memorize them all.

So far I use kwalletmanager and store them in a wallet with a pretty long password (20+ characters with numbers, letters and special characters).

Please accept the following questions:
A) Does kwalletmanager use a secure way of storing its files? Do you know if its files are encrypted? If not, do you know any KDE program that can encrypt this file, so that I decrypt it every time I want to read it?
B) I know that kwalletmanager keeps every wallet in a single file and thus I can put this file on a USB (in case my PC is stolen).
C) Do you know any USB devices that can encrypt the data that is written to them? Are these Linux compliant?
D) If any other tip comes to your mind, please say so.

I would like to thank you for your help

Best Regards
Alex

bsdunix 09-20-2010 12:44 PM

The data is encrypted with the Blowfish symmetric block cipher algorithm; the algorithm key is derived from the SHA-1 hash of the password, with a key length of 156 bits (20 bytes). The data in the wallet file is also hashed with SHA-1 and checked before the data is deciphered and accessible by the applications.

http://docs.kde.org/development/en/k...#ftn.id2473282

anomie 09-20-2010 02:14 PM

Quote:

Originally Posted by alaios
I have 3 banks with different passwords for different things (on-line banking, PIN cards, etc.) and thus it is not easy to memorize them all.

Good idea. If you can't memorize your bank passwords, you're (likely) doing something right.

You already have an answer to your kwallet question. Blowfish is a well-regarded cipher. Make sure you use a strong kwallet password, as that's what your encryption key will be derived from. That's the only one you need to remember. :)

gnuweenie 10-10-2010 08:14 AM

You might consider using Password Safe instead. It's endorsed by Bruce Schneier (and in fact created by him, iirc). The file format has become somewhat of a de facto standard, which is compatible with a variety of apps on different platforms. It's even supported on some PDAs, so you have access to all your passwords wherever you are.

In Linux, there are GUI as well as CLI apps that support the passwordsafe format. There's also an Emacs major mode for it. There is a field for username, password, and notes. So you can stash card numbers, CVV codes, exp dates, PIN codes, etc. in the notes field.

catkin 10-10-2010 09:09 AM

The weakest point is not encryption or master password strength (unless it's stupidly weak) but master password capture. Originally this was by keylogging and the response was to use a graphical keyboard but I understand the bad guys can crack those too now (sorry -- forgotten source of info). Whatever systems are devised it seems it is just a technology race until the bad guys can crack them. For these reasons the best solution is to use a virtual machine without shared data storage with the real machine and to use it only for sensitive transactions. It is less likely to be subject to attack than a day-to-day system used for a variety of tasks. Ideally its virtual disk can be routinely re-initialised after each use so any successful attack is nullified.

abefroman 10-10-2010 10:03 PM

Check out keepass:
http://www.keepassx.org/


All times are GMT -5.