LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Slackware (https://www.linuxquestions.org/questions/slackware-14/)
-   -   storing passwords and like sensitive info in linux? (https://www.linuxquestions.org/questions/slackware-14/storing-passwords-and-like-sensitive-info-in-linux-4175614935/)

WiseDraco 10-03-2017 04:07 AM

storing passwords and like sensitive info in linux?
 
Hello!
i do a bit of investigation about subj, and come to vim with blowfish2 encryption.

http://blog.learningtree.com/encrypting-with-vim/

can anyone point out some flaws in that usage?
for me it looks perfect -vim is almost anywhere, decrypted verion not show in filesystem, built-in cipher and so on...

btw, what is nowadays with default encoding in vim?
it is utf8 or what?
any another advices?

Didier Spaier 10-03-2017 04:29 AM

Quote:

Originally Posted by WiseDraco (Post 5765676)
btw, what is nowadays with default encoding in vim?
it is utf8 or what?

Care to read the VIM documentation?

TIP: type UTF-8 in the search field of this page: http://vimdoc.sourceforge.net/

WiseDraco 10-03-2017 04:35 AM

ok, thanks:

If your current locale is in an utf-8 encoding, Vim will automatically start
in utf-8 mode.

If you are using another locale:

set encoding=utf-8

slalik 10-03-2017 04:51 AM

Quote:

Originally Posted by WiseDraco (Post 5765676)
Hello!
i do a bit of investigation about subj, and come to vim with blowfish2 encryption.

http://blog.learningtree.com/encrypting-with-vim/

can anyone point out some flaws in that usage?
for me it looks perfect -vim is almost anywhere, decrypted verion not show in filesystem, built-in cipher and so on...

You may also want 'noswapfile' and 'noundofile' options.

I use vim in xterm to keep secret stuff, but with the standard gpg encryption. This is the relevant part of .vimrc:
Code:

set backupskip+=secrets.gpg
 
augroup encrypted
  autocmd!
  autocmd BufReadPre,FileReadPre secrets.gpg
    \ set viminfo= | setlocal noswapfile noundofile bin
  autocmd BufReadPost,FileReadPost secrets.gpg
    \ execute "silent '[,']!gpg --decrypt --quiet --no-use-agent
    \ 2> /dev/null" | setlocal nobin nospell |
    \ execute "doautocmd BufReadPost " . expand("%:r") |
    \ silent! execute "!xdotool key F12 &>/dev/null || true"
  autocmd BufWritePre,FileWritePre secrets.gpg setlocal bin |
    \ '[,']!gpg --encrypt --recipient secrets --quiet --no-use-agent
  autocmd BufWritePost,FileWritePost secrets.gpg silent u | setlocal nobin
  autocmd VimLeave secrets.gpg !clear
augroup END

and this is a part of .Xresources:
Code:

XTerm*VT100.translations: #override \n\
  ...
  Meta<Key>s: secure() string(" view ~/secrets.gpg") string(0x0d) \n\
  <Key>F12: secure() \n\
  ...

As you see, Alt-s in xterm calls vim to read ~/secrets.gpg. The secure mode in xterm prevents typing password in a wrong window :)

WiseDraco 10-03-2017 05:29 AM

Quote:

Originally Posted by slalik (Post 5765690)
You may also want 'noswapfile' and 'noundofile' options.

I use vim in xterm to keep secret stuff, but with the standard gpg encryption. This is the relevant part of .vimrc:[CODE]set backupskip+=secrets.gpg


thanks for sharing valuable information!

if not secret, why you choose .gpg over vim build-in encryption?

slalik 10-03-2017 07:12 AM

Quote:

Originally Posted by WiseDraco (Post 5765698)
if not secret, why you choose .gpg over vim build-in encryption?

I think that for vim developers encryption is not an important feature. So, if it will be broken, it can take years to fix. For example, in current vim the langmap is broken in some situations (namely, when applied to a multibyte character, vim doesn't check for mappings). This is a known bug for several years and nobody cares to fix it. I don't want to be in a similar situation with encryption.

montagdude 10-03-2017 07:56 AM

I use this:

http://slackbuilds.org/repository/14...assword-store/

But any number of password managers would do just as well.

brianL 10-03-2017 08:05 AM

Isn't telling the whole internet how you store your passwords & sensitive info a mistake?

enorbet 10-03-2017 08:18 AM

1 Attachment(s)
Quote:

Originally Posted by brianL (Post 5765732)
Isn't telling the whole internet how you store your passwords & sensitive info a mistake?

Perhaps not, if one uses this avatar ;)

WiseDraco 10-03-2017 08:30 AM

Quote:

Originally Posted by brianL (Post 5765732)
Isn't telling the whole internet how you store your passwords & sensitive info a mistake?

if your crypto or password sucks, not telling anyone anyhow do not save you, if anyone get interested.

and vice versa - if you have good password and goot algorytm, then i do not see any problems - all world compute power for tens of years not enought to brute-force it.

but if you are important enought, there is a mans in black, and with soldering iron, who can come to you, and in old, fashioned methods, you tell im all your keys, passwords, and all what he want to know in minutes... :P

brianL 10-03-2017 08:47 AM

I'm lucky. I'm too poor and insignifant for criminals & 3-letter agencies to take an interest in. So I write my passwords on bits of paper, stowed in places where only I could find them. ;)

WiseDraco 10-03-2017 08:52 AM

Quote:

Originally Posted by brianL (Post 5765743)
I'm lucky. I'm too poor and insignifant for criminals & 3-letter agencies to take an interest in. So I write my passwords on bits of paper, stowed in places where only I could find them. ;)

as i do for many years.
but as systems and passwords and so going to more and more,and my memory get worse it was very useful to have a just file with most important info, who i can have on various systems, and maybe even on my phone -encrypted, and readable only by me, but in any time, and any place.

this tale is all about that... :P

enorbet 10-03-2017 09:52 AM

The relative security of anything like an encrypted password file is also related to basic network security. Firewalls can not only have honey pots but fangs as well, or at the very least where intrusion attempts rarely go unnoticed.

Anecdote - I was once on a Linux IRC channel and casually pinged a member who immediately asked me why I pinged him. It turned out he had such attempts STDOUT'ed to an old and LOUD dot matrix printer alerting him with nearly an immediate, and lasting alarm/record. I later learned he was 14 years old. I was impressed and did definitely take note.

frankbell 10-03-2017 08:31 PM

I have used KeepassX for a number of years and have been quite happy with it.

There's a SlackBuild.

Richard Cranium 10-03-2017 09:00 PM

Quote:

Originally Posted by WiseDraco (Post 5765741)
if your crypto or password sucks, not telling anyone anyhow do not save you, if anyone get interested.

and vice versa - if you have good password and goot algorytm, then i do not see any problems - all world compute power for tens of years not enought to brute-force it.

but if you are important enought, there is a mans in black, and with soldering iron, who can come to you, and in old, fashioned methods, you tell im all your keys, passwords, and all what he want to know in minutes... :P

https://xkcd.com/538/ sums it up.


All times are GMT -5. The time now is 11:29 PM.