LinuxQuestions.org
Old 09-20-2010, 04:21 AM   #1
alaios
Senior Member
 
Registered: Jan 2003
Location: Aachen
Distribution: Opensuse 11.2 (nice and steady)
Posts: 2,203

Rep: Reputation: 45
Where do you store your bank accounts passwords?


Hello everyone.
I need some tips on how to securely store my bank account numbers.
First, I think it might be useful to let you know that so far I have 3 banks with different passwords for different things (on-line banking, PIN cards, etc.) and thus it is not easy to memorize them all.

So far I use kwalletmanager and store them in a wallet with a pretty long password (20+ characters with numbers, letters and special characters).

Please accept the following questions:
A) Does kwalletmanager use a secure way of storing its files? Do you know if its files are encrypted? If not, do you know any KDE program that can encrypt this file, so that I decrypt it every time I want to read it?
B) I know that kwalletmanager keeps every wallet in a single file and thus I can put this file on a USB device (in case my PC is stolen).
C) Do you know any USB devices that can encrypt the data that is written to them? Are these Linux compliant?
D) If any other tip comes to your mind, please say so.

I would like to thank you for your help

Best Regards
Alex
 
Old 09-20-2010, 12:44 PM   #2
bsdunix
Senior Member
 
Registered: May 2006
Distribution: BeOS, BSD, Caldera, CTOS, Debian, LFS, Mac, Mandrake, Red Hat, Slackware, Solaris, SuSE
Posts: 1,761

Rep: Reputation: 80
The data is encrypted with the Blowfish symmetric block cipher algorithm, the algorithm key is derived from the SHA-1 hash of the password, with a key length of 156 bits (20 bytes). The data into the wallet file is also hashed with SHA-1 and checked before the data is deciphered and accessible by the applications.

http://docs.kde.org/development/en/k...#ftn.id2473282
 
1 members found this post helpful.
Old 09-20-2010, 02:14 PM   #3
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora
Posts: 3,935
Blog Entries: 5

Rep: Reputation: Disabled
Quote:
Originally Posted by alaios
I have 3 banks with different passwords for different things (on-line banking, PIN cards, etc.) and thus it is not easy to memorize them all.
Good idea. If you can't memorize your bank passwords, you're (likely) doing something right.

You already have an answer to your kwallet question. Blowfish is a well regarded cipher. Make sure you use a strong kwallet password, as that's what your encryption key will be derived from. That's the only one you need to remember.
 
1 members found this post helpful.
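The point made in posts #2 and #3, as an added example that is not from the thread or from KWallet's source: when the key is a hash of the password, the wallet is only as strong as the password. The single SHA-1 call is a simplification of what post #2 describes, the PBKDF2 comparison and all function names are assumptions, and passwords are treated as uniformly random.

```python
import hashlib
import math

KEY_BYTES = 20  # SHA-1 digest size, the 20-byte key length quoted in post #2


def sha1_key(password: str) -> bytes:
    """Key as the thread describes it: the SHA-1 hash of the password (simplified)."""
    return hashlib.sha1(password.encode("utf-8")).digest()


def stretched_key(password: str, salt: bytes, iterations: int = 200_000) -> bytes:
    """Comparison point (assumption, not KWallet's scheme): salted, iterated PBKDF2."""
    return hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"), salt,
                               iterations, dklen=KEY_BYTES)


def password_bits(length: int, alphabet: int) -> float:
    """Entropy of a uniformly random password of `length` symbols from `alphabet`."""
    return length * math.log2(alphabet)


def effective_bits(length: int, alphabet: int, key_bits: int = KEY_BYTES * 8) -> float:
    """Guessing passwords or guessing keys: the cheaper search sets the real strength."""
    return min(password_bits(length, alphabet), float(key_bits))


if __name__ == "__main__":
    # Constructed sample cases: (description, length, alphabet size)
    cases = [
        ("8 lowercase letters", 8, 26),
        ("12 letters and digits", 12, 62),
        ("20 printable ASCII characters", 20, 94),
        ("40 printable ASCII characters", 40, 94),
    ]
    for label, length, alphabet in cases:
        print(f"{label:32s} {effective_bits(length, alphabet):6.1f} effective bits")

    # An unsalted hash maps the same password to the same key in every wallet,
    # while a per-wallet salt makes each derived key different.
    pw = "constructed-example-password"
    print(sha1_key(pw) == sha1_key(pw))
    print(stretched_key(pw, b"wallet-A", 1000) == stretched_key(pw, b"wallet-B", 1000))
```

A short password caps the strength far below the cipher's key length, which is why the advice to pick a strong wallet password matters more than the choice of cipher.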
Old 10-10-2010, 08:14 AM   #4
gnuweenie
Member
 
Registered: Oct 2010
Posts: 35

Rep: Reputation: Disabled
You might consider using Password Safe instead. It's endorsed by Bruce Schneier (and in fact created by him, iirc). The file format has become somewhat of a de facto standard, which is compatible with a variety of apps on different platforms. It's even supported on some PDAs, so you have access to all your passwords wherever you are.

In Linux, there are GUI as well as CLI apps that support the passwordsafe format. There's also an emacs major mode for it. There is a field for username, password, and notes. So you can stash card numbers, CVV codes, exp dates, PIN codes, etc. in the notes field.
 
Old 10-10-2010, 09:09 AM   #5
catkin
LQ 5k Club
 
Registered: Dec 2008
Location: Tamil Nadu, India
Distribution: Debian
Posts: 8,578
Blog Entries: 31

Rep: Reputation: 1198
The weakest point is not encryption or master password strength (unless it's stupidly weak) but master password capture. Originally this was by keylogging and the response was to use a graphical keyboard but I understand the bad guys can crack those too now (sorry -- forgotten source of info). Whatever systems are devised it seems it is just a technology race until the bad guys can crack them. For these reasons the best solution is to use a virtual machine without shared data storage with the real machine and to use it only for sensitive transactions. It is less likely to be subject to attack than a day-to-day system used for a variety of tasks. Ideally its virtual disk can be routinely re-initialised after each use so any successful attack is nullified.
 
Old 10-10-2010, 10:03 PM   #6
abefroman
Senior Member
 
Registered: Feb 2004
Location: lost+found
Distribution: CentOS
Posts: 1,430

Rep: Reputation: 55
Check out keepass:
http://www.keepassx.org/
 
  


All times are GMT -5. The time now is 06:38 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration