How secure asymmetric encryption to yourself?

Sven Radde email at
Mon Feb 23 23:14:08 CET 2009


gerry_lowry (alliston ontario canada) schrieb:
> Sven Radde wrote, in part:
>     "... there are more usable ways of managing one's passwords
>          than storing them in a GnuPG file".
> I'm curious what "more usable ways" there are that Sven and others
> can recommend.

/First of all, @Listowner: Let me know if this should be taken off-list
because it's too OT.../

I mean tools like Keepass/KeepassX, PasswordSafe, or similar (even the
Firefox password manager can encrypt stored passwords with 3DES and a
master password). I also mean a Truecrypt volume or loopback container
for storing the password file. For Linux, encfs or ecryptfs come to
mind, too.

The reasons are as follows: With GnuPG, you have encrypted one file. To
be secure, you must now delete the original copy, which is not easy in
itself, although recent research [1] seems to show that a single
overwrite is sufficient for secure wiping. Didn't we have a discussion
about secure deletion not too long ago?

Now, to access your encrypted passwords, you need to decrypt the file,
resulting in an unencrypted version of it on your drive. When you are
done, you have to securely delete it again. If you have modified the
file, you have to remember to encrypt it between having saved the
changes and deleting it.

Of course, you can set the thing up in a way that the unencrypted file
is written to a RAM-only disk, but keep hibernation and swapfile issues
in mind.

You can also have GnuPG output the data to the console only, if you just
have to read a password (I have no idea if there are possibilities that
console output find its way into logfiles or similar, though). Depending
on the size of your password file, you have quite a number of lines
written to the console where you have to find the password that you need
for the moment. If you'd format the file like:
purpose1 -> password1
purpose2 -> password2
you could do something like "gpg passwords.gpg | grep purpose2" to find
the password you need.

As mentioned, some shellscripts could automate the process (create a
ramfs mountpoint, decrypt the password file to there, grep it to find a
desired password, or launch a text editor, re-encrypt the file after the
editor closes, unmount the ramfs).

KeepassX, e.g., supports organizing your password file into groups,
adding metadata such as URLs to the passwords, comfortable hotkeys,
integrated random password generator, password entropy estimation etc.
The main difference, though is the transparent way to access your
passwords (this is also true for Truecrypt and the other mentioned
encrypting filesystems): Enter the master-password, work with the
password file(s), lock the storage again. Done. No unencrypted copy on
disk, ever (apart from the abovementioned swapfile and hibernation).

Given these tools I also disagree with the notion that "frequently used
passwords reside in one's memory" (although I remember quite some
passwords, myself). Password-reuse is one of the greatest problems with
passwords (and, btw, becomes quite infeasible once you have to deal with
varying complexity-policies, different expiration-intervals etc) and
passwords you have to remember tend, in general, to be weaker than those
that you don't have to remember.
With Keepass, you can have a different 20-character pseudo-random
password for every stupid web forum (not to mention the more important
things). It just doesn't matter whether your password is "123" or
"las2ieu7hxalm5iuemalie" if it's just pressing "Ctrl-Shift-A" to
auto-type username and password into the login form.

I do not mean to endorse specific pieces of software here, nor do I mean
to belittle GnuPG. But I think you need the right tool for right task.
And GnuPG IMHO has its strengths not in providing protection to
frequently accessed (and modified) files.
If you need to archive a backup copy of your passwords on a remote
server, that's a wholly different issue, though. GnuPG will do an
excellent job there and digital signatures are even a bonus.

cu, Sven

[1] --
unfortunately only the abstract is free for general access

More information about the Gnupg-users mailing list