storing passwords and like sensitive info in linux?
SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
can anyone point out some flaws in that usage?
for me it looks perfect -vim is almost anywhere, decrypted verion not show in filesystem, built-in cipher and so on...
btw, what is nowadays with default encoding in vim?
it is utf8 or what?
any another advices?
can anyone point out some flaws in that usage?
for me it looks perfect -vim is almost anywhere, decrypted verion not show in filesystem, built-in cipher and so on...
You may also want 'noswapfile' and 'noundofile' options.
I use vim in xterm to keep secret stuff, but with the standard gpg encryption. This is the relevant part of .vimrc:
if not secret, why you choose .gpg over vim build-in encryption?
I think that for vim developers encryption is not an important feature. So, if it will be broken, it can take years to fix. For example, in current vim the langmap is broken in some situations (namely, when applied to a multibyte character, vim doesn't check for mappings). This is a known bug for several years and nobody cares to fix it. I don't want to be in a similar situation with encryption.
Isn't telling the whole internet how you store your passwords & sensitive info a mistake?
if your crypto or password sucks, not telling anyone anyhow do not save you, if anyone get interested.
and vice versa - if you have good password and goot algorytm, then i do not see any problems - all world compute power for tens of years not enought to brute-force it.
but if you are important enought, there is a mans in black, and with soldering iron, who can come to you, and in old, fashioned methods, you tell im all your keys, passwords, and all what he want to know in minutes... :P
I'm lucky. I'm too poor and insignifant for criminals & 3-letter agencies to take an interest in. So I write my passwords on bits of paper, stowed in places where only I could find them.
I'm lucky. I'm too poor and insignifant for criminals & 3-letter agencies to take an interest in. So I write my passwords on bits of paper, stowed in places where only I could find them.
as i do for many years.
but as systems and passwords and so going to more and more,and my memory get worse it was very useful to have a just file with most important info, who i can have on various systems, and maybe even on my phone -encrypted, and readable only by me, but in any time, and any place.
The relative security of anything like an encrypted password file is also related to basic network security. Firewalls can not only have honey pots but fangs as well, or at the very least where intrusion attempts rarely go unnoticed.
Anecdote - I was once on a Linux IRC channel and casually pinged a member who immediately asked me why I pinged him. It turned out he had such attempts STDOUT'ed to an old and LOUD dot matrix printer alerting him with nearly an immediate, and lasting alarm/record. I later learned he was 14 years old. I was impressed and did definitely take note.
if your crypto or password sucks, not telling anyone anyhow do not save you, if anyone get interested.
and vice versa - if you have good password and goot algorytm, then i do not see any problems - all world compute power for tens of years not enought to brute-force it.
but if you are important enought, there is a mans in black, and with soldering iron, who can come to you, and in old, fashioned methods, you tell im all your keys, passwords, and all what he want to know in minutes... :P
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.