From: Rick Moen <>
Subject: Re: [Balug-talk] Ask balug: Managing Passwords
Date: Thu, 5 May 2005 16:39:29 -0700
X-Mas: Bah humbug.
User-Agent: Mutt/1.5.6+20040907i

Quoting Bill Moseley (

> My question is how do you track your passwords? Do you gpg encrypt a
> file on your machine? Or do you just store it as plain text and not
> worry about it? Or is your password list not available on your
> machine?

Because I use a PalmPilot quite a lot, I rely on a 3DES-encrypting password store for PalmOS called Keyring ( Thus, I am able to have globally unique passwords absolutely everywhere (except in places it truly doesn't matter), and need remember only one password, that of Keyring itself.

The Keyring database file gets backed up onto my Linux workstation using JPilot, which serendipitously happens to include Keyring conduit software, letting me view/edit/enter Keyring records if I wish.

Keyring includes a nifty, customisable pseudorandom password generator. The JPilot conduit has one, too, but not nearly as nice.

> I was thinking of using gpg to encrypt locally, but it's kind of a
> pain to edit — although I'm sure there's a way to get vim to open the
> file and re-encrypt it on saves. Oh, I guess it's not that hard:

kgpg helps (KDE thing):

Some people like MyPasswordSafe, which is Qt-based and uses Blowfish:

It's actually a GUI-ised fork of Password Safe:

Password Gorilla does the same trick on Password Safe, but using tcl/tk instead of Qt:

TkPasMan is (obviously) another tcl/tk-based thing:

KWallet (included in kdeutils) is the canonical KDE implementation:

Revelation is a gtk+/GNOME2 thing:

pwsafe is a command-line password-management tool:

> A friend I asked once uses a plain text file. He said he doesn't
> encrypt since the private key is available on the same machine (seems
> a passphrase solves that), and if someone gets in as root he's hosed
> anyway.

This is why I try to never get into my Keyring store from JPilot's conduit if humanly possible, only from my PalmPilot: The threat models are slightly more manageable.

Date: Fri, 6 May 2005 15:38:32 -0700 (PDT)
From: "Mark R. Cervarich" <>
Subject: Re: [Balug-talk] Ask balug: Managing Passwords

On Wed, 4 May 2005, Bill Moseley wrote:

> So, I'm just looking for suggestions on managing passwords (or any > text) I want available on my machine but in a reasonably secure way.

For my "important passwords", I've been using:
"The Password Management System is a simple password manager for the console that uses blowfish for encryption and CDK for the interface."

It's simple, it works from the command line, and it's very safe.

I heard about it when Marcel Gagne wrote about it in Linux Journal: