[nycbug-talk] password repository
Josh Rivel
josh at rivels.org
Wed Dec 30 21:31:30 EST 2009
All.
On Dec 30, 2009, at 4:26 PM, Chris Snyder wrote:
> On Wed, Dec 30, 2009 at 3:37 PM, Isaac Levy <ike at lesmuug.org> wrote:
>> On Dec 30, 2009, at 2:50 PM, Chris Snyder wrote:
>>
>>> On Wed, Dec 30, 2009 at 2:35 PM, Okan Demirmen <okan at demirmen.com> wrote:
>>>
>>>> truecrypt is analogues to disk/volume encrypting bits we already have in
>>>> bsd - but it doesn't help if this image is mounted on a server
>>>> somewhere..and say someone doesn't un-mount it after use...
>>>
>>> Sort of. The point of using something cross-platform is that devs /
>>> admins mount the image locally on their Win/Mac workstations. And you
>>> don't need to explain openssl to the Windows guys...
>>
>> Just to be clear- Is that the only benefit of Truecrypt, Windows
>> compatibility? I've never used it and I'm just curious... (perhaps I
>> should *try* it)
>
> For this, yeah: Mac/Win/Linux compat and GUI.
>
> TC has a plausible-deniability mode that embeds an image within an
> image, so that in theory you could give out the "outer" password if
> someone held a gun to your head, and keep the inner password secret.
>
> By the way, I'm not sure if they use a password salt or not, I seem to
> recall warnings about saving .tc files in version control because they
> might leak info if attacker has many versions of the same file. For
> that reason alone the openssl approach is better if you're a unix
> shop.
How about Password Safe? http://passwordsafe.sourceforge.net/
There are Linux clients, Windows, Mac, and some CLI stuff as well. Setup a passphrase for unlocking the "safe" and you can use it with Windows/Mac/Linux and there are GUI's for them as well.
I use it at work between Windows and Linux (The encrypted safe file is actually on my Windows home file share which is backed up, etc.) and I access it from my Linux workstation with no issues.
Hope this is useful....
Josh
More information about the talk
mailing list